Date: Mon, 23 Mar 2020 23:28:33 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: i386msdos uninitialised read
Message-ID: <20200323125833.GT4583@bubble.grove.modra.org>

Also reinstate ld i386aout for i386-msdos target, which doesn't build otherwise. Maybe the target should disappear?

bfd/
	* i386msdos.c (msdos_object_p): Don't access e_lfanew when that field hasn't been read. Remove unnecessary casts.

ld/
	* Makefile.am (ALL_EMULATION_SOURCES): Reinstate ei386aout.c. Include ei386aout dep file.
	* Makefile.in: Regenerate.
	* po/BLD-POTFILES.in: Regenerate.

diff --git a/bfd/i386msdos.c b/bfd/i386msdos.c index 5b56751cd3..e9307a7a42 100644 --- a/bfd/i386msdos.c +++ b/bfd/i386msdos.c @@ -47,10 +47,10 @@ msdos_object_p (bfd *abfd) struct external_DOS_hdr hdr; bfd_byte buffer[2]; asection *section; - unsigned int size; + bfd_size_type size; if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0 - || bfd_bread (&hdr, (bfd_size_type) sizeof (hdr), abfd) < DOS_HDR_SIZE) + || (size = bfd_bread (&hdr, sizeof (hdr), abfd)) < DOS_HDR_SIZE) { if (bfd_get_error () != bfd_error_system_call) bfd_set_error (bfd_error_wrong_format); 
@@ -67,9 +67,11 @@ msdos_object_p (bfd *abfd) e_lfanew field will be valid and point to a header beginning with one of the relevant signatures. If not, e_lfanew might point to anything, so don't bail if we can't read there. */ - if (H_GET_16 (abfd, hdr.e_cparhdr) < 4 - || bfd_seek (abfd, (file_ptr) H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0 - || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2) + if (size < offsetof (struct external_DOS_hdr, e_lfanew) + 4 + || H_GET_16 (abfd, hdr.e_cparhdr) < 4) + ; + else if (bfd_seek (abfd, H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0 + || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2) { if (bfd_get_error () == bfd_error_system_call) return NULL; @@ -102,7 +104,7 @@ msdos_object_p (bfd *abfd) size += H_GET_16 (abfd, hdr.e_cblp); /* Check that the size is valid. */ - if (bfd_seek (abfd, (file_ptr) (section->filepos + size), SEEK_SET) != 0) + if (bfd_seek (abfd, section->filepos + size, SEEK_SET) != 0) { if (bfd_get_error () != bfd_error_system_call) bfd_set_error (bfd_error_wrong_format); diff --git a/ld/Makefile.am b/ld/Makefile.am index 4a9b8404b7..a64899fc09 100644 --- a/ld/Makefile.am +++ b/ld/Makefile.am @@ -312,6 +312,7 @@ ALL_EMULATION_SOURCES = \ ehppalinux.c \ ehppanbsd.c \ ehppaobsd.c \ + ei386aout.c \ ei386beos.c \ ei386bsd.c \ ei386go32.c \ @@ -800,6 +801,7 @@ $(ALL_EMULATION_SOURCES) $(ALL_64_EMULATION_SOURCES): $(GEN_DEPENDS) @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppalinux.Pc@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppanbsd.Pc@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppaobsd.Pc@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386aout.Pc@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386beos.Pc@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386bsd.Pc@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386go32.Pc@am__quote@ -- Alan Modra Australia Development Lab, IBM
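Review bot: in the `@@ -47,10 +47,10 @@` hunk, `size` now holds the byte count returned by bfd_bread, and the `@@ -102,7 +104,7 @@` hunk shows the same variable being grown with `size += H_GET_16 (abfd, hdr.e_cblp);`; the lines in between are not in the diff, so please confirm `size` is fully reassigned from the e_cp page count before that point (not only incremented), otherwise the header read length leaks into the .text section size. Separately, if bfd_bread reports a hard read error as (bfd_size_type) -1, the unsigned `< DOS_HDR_SIZE` test (pre-existing) and the new `size < offsetof (...) + 4` guard both let it through and H_GET_16 then reads an unfilled hdr; checking `bfd_get_error ()` after the read, or comparing as a signed value, would close that.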
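Review bot: in the `@@ -67,9 +67,11 @@` hunk the empty `;` body followed by `else if` reads as a stray statement at a glance; the same control flow can be a single condition, `if (size >= offsetof (struct external_DOS_hdr, e_lfanew) + 4 && H_GET_16 (abfd, hdr.e_cparhdr) >= 4 && (bfd_seek (...) != 0 || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2))`, or the empty branch could carry a `/* e_lfanew not read, nothing to check.  */` comment. The bare `+ 4` would also be clearer as `sizeof (hdr.e_lfanew)`, assuming the field is declared as a 4-byte array, which ties the guard to the `H_GET_32 (abfd, hdr.e_lfanew)` two lines below.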
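Review bot: the regenerated Makefile.in and po/BLD-POTFILES.in named in the ld/ ChangeLog entry are not part of the posted diff, so the regenerated output can't be checked here; fine if left out deliberately, but worth saying so in the cover text. The `ei386aout.c \` line in the `@@ -312,6 +312,7 @@` hunk keeps the list's alphabetical order between ehppaobsd.c and ei386beos.c, and the `ei386aout.Pc` include in the `@@ -800,6 +801,7 @@` hunk mirrors it, so the two hunks stay consistent with each other.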