[packages/binutils.git] / binutils-robustify6.patch

2005-06-21  Jakub Jelinek  <jakub@redhat.com>

	* libbfd-in.h (struct artdata): Add extended_names_size field.
	* libbfd.h: Rebuilt.
	* coff-rs600.c (_bfd_xcoff_archive_p): Don't clear fields in freshly
	allocated object by bfd_zalloc.
	* coff64-rs6000.c (xcoff64_archive_p): Likewise.
	* ecoff.c (_bfd_ecoff_archive_p): Likewise.
	* archive.c (_bfd_generic_mkarchive, bfd_generic_archive_p): Likewise.
	(get_extended_arelt_filename): Fail if index is bigger or equal to
	extended_names_size.
	(_bfd_generic_read_ar_hdr_mag): Don't set bfd_error_malformed_archive,
	get_extended_arelt_filename already did that.
	(_bfd_slurp_extended_name_table): Initialize extended_names_size field.
	Allocate one extra byte and clear it, in case extended names table
	is not terminated.

--- bfd/libbfd-in.h.jj	2005-06-20 12:16:18.000000000 +0200
+++ bfd/libbfd-in.h	2005-06-21 18:45:56.000000000 +0200
@@ -64,6 +64,7 @@ struct artdata {
   carsym *symdefs;		/* the symdef entries */
   symindex symdef_count;	/* how many there are */
   char *extended_names;		/* clever intel extension */
+  bfd_size_type extended_names_size; /* Size of extended names */
   /* when more compilers are standard C, this can be a time_t */
   long  armap_timestamp;	/* Timestamp value written into armap.
 				   This is used for BSD archives to check
--- bfd/libbfd.h.jj	2005-06-20 12:16:18.000000000 +0200
+++ bfd/libbfd.h	2005-06-21 18:46:32.000000000 +0200
@@ -69,6 +69,7 @@ struct artdata {
   carsym *symdefs;		/* the symdef entries */
   symindex symdef_count;	/* how many there are */
   char *extended_names;		/* clever intel extension */
+  bfd_size_type extended_names_size; /* Size of extended names */
   /* when more compilers are standard C, this can be a time_t */
   long  armap_timestamp;	/* Timestamp value written into armap.
 				   This is used for BSD archives to check
--- bfd/coff64-rs6000.c.jj	2005-06-09 10:58:49.000000000 +0200
+++ bfd/coff64-rs6000.c	2005-06-21 18:59:07.000000000 +0200
@@ -1983,10 +1983,12 @@ xcoff64_archive_p (abfd)
   if (bfd_ardata (abfd) == (struct artdata *) NULL)
     goto error_ret_restore;
 
-  bfd_ardata (abfd)->cache = NULL;
-  bfd_ardata (abfd)->archive_head = NULL;
-  bfd_ardata (abfd)->symdefs = NULL;
-  bfd_ardata (abfd)->extended_names = NULL;
+  /* Already cleared by bfd_zalloc above.
+     bfd_ardata (abfd)->cache = NULL;
+     bfd_ardata (abfd)->archive_head = NULL;
+     bfd_ardata (abfd)->symdefs = NULL;
+     bfd_ardata (abfd)->extended_names = NULL;
+     bfd_ardata (abfd)->extended_names_size = 0;  */
   bfd_ardata (abfd)->first_file_filepos = bfd_scan_vma (hdr.firstmemoff,
 							(const char **) NULL,
 							10);
--- bfd/coff-rs6000.c.jj	2005-06-09 10:58:49.000000000 +0200
+++ bfd/coff-rs6000.c	2005-06-21 18:56:11.000000000 +0200
@@ -1294,10 +1294,12 @@ _bfd_xcoff_archive_p (abfd)
   if (bfd_ardata (abfd) == (struct artdata *) NULL)
     goto error_ret_restore;
 
-  bfd_ardata (abfd)->cache = NULL;
-  bfd_ardata (abfd)->archive_head = NULL;
-  bfd_ardata (abfd)->symdefs = NULL;
-  bfd_ardata (abfd)->extended_names = NULL;
+  /* Cleared by bfd_zalloc above.
+     bfd_ardata (abfd)->cache = NULL;
+     bfd_ardata (abfd)->archive_head = NULL;
+     bfd_ardata (abfd)->symdefs = NULL;
+     bfd_ardata (abfd)->extended_names = NULL;
+     bfd_ardata (abfd)->extended_names_size = 0;  */
 
   /* Now handle the two formats.  */
   if (magic[1] != 'b')
--- bfd/ecoff.c.jj	2005-05-13 23:44:07.000000000 +0200
+++ bfd/ecoff.c	2005-06-21 18:59:49.000000000 +0200
@@ -3182,11 +3182,13 @@ _bfd_ecoff_archive_p (bfd *abfd)
     }
 
   bfd_ardata (abfd)->first_file_filepos = SARMAG;
-  bfd_ardata (abfd)->cache = NULL;
-  bfd_ardata (abfd)->archive_head = NULL;
-  bfd_ardata (abfd)->symdefs = NULL;
-  bfd_ardata (abfd)->extended_names = NULL;
-  bfd_ardata (abfd)->tdata = NULL;
+  /* Already cleared by bfd_zalloc above.
+     bfd_ardata (abfd)->cache = NULL;
+     bfd_ardata (abfd)->archive_head = NULL;
+     bfd_ardata (abfd)->symdefs = NULL;
+     bfd_ardata (abfd)->extended_names = NULL;
+     bfd_ardata (abfd)->extended_names_size = 0;
+     bfd_ardata (abfd)->tdata = NULL;  */
 
   if (! _bfd_ecoff_slurp_armap (abfd)
       || ! _bfd_ecoff_slurp_extended_name_table (abfd))
--- bfd/archive.c.jj	2005-06-17 15:22:56.000000000 +0200
+++ bfd/archive.c	2005-06-21 19:03:51.000000000 +0200
@@ -182,11 +182,13 @@ _bfd_generic_mkarchive (bfd *abfd)
   if (bfd_ardata (abfd) == NULL)
     return FALSE;
 
-  bfd_ardata (abfd)->cache = NULL;
-  bfd_ardata (abfd)->archive_head = NULL;
-  bfd_ardata (abfd)->symdefs = NULL;
-  bfd_ardata (abfd)->extended_names = NULL;
-  bfd_ardata (abfd)->tdata = NULL;
+  /* Already cleared by bfd_zalloc above.
+     bfd_ardata (abfd)->cache = NULL;
+     bfd_ardata (abfd)->archive_head = NULL;
+     bfd_ardata (abfd)->symdefs = NULL;
+     bfd_ardata (abfd)->extended_names = NULL;
+     bfd_ardata (abfd)->extended_names_size = 0;
+     bfd_ardata (abfd)->tdata = NULL;  */
 
   return TRUE;
 }
@@ -335,7 +337,7 @@ get_extended_arelt_filename (bfd *arch, 
   errno = 0;
   /* Skip first char, which is '/' in SVR4 or ' ' in some other variants.  */
   index = strtol (name + 1, NULL, 10);
-  if (errno != 0)
+  if (errno != 0 || index >= bfd_ardata (arch)->extended_names_size)
     {
       bfd_set_error (bfd_error_malformed_archive);
       return NULL;
@@ -405,10 +407,7 @@ _bfd_generic_read_ar_hdr_mag (bfd *abfd,
     {
       filename = get_extended_arelt_filename (abfd, hdr.ar_name);
       if (filename == NULL)
-	{
-	  bfd_set_error (bfd_error_malformed_archive);
-	  return NULL;
-	}
+	return NULL;
     }
   /* BSD4.4-style long filename.
      Only implemented for reading, so far!  */
@@ -629,11 +628,13 @@ bfd_generic_archive_p (bfd *abfd)
     }
 
   bfd_ardata (abfd)->first_file_filepos = SARMAG;
-  bfd_ardata (abfd)->cache = NULL;
-  bfd_ardata (abfd)->archive_head = NULL;
-  bfd_ardata (abfd)->symdefs = NULL;
-  bfd_ardata (abfd)->extended_names = NULL;
-  bfd_ardata (abfd)->tdata = NULL;
+  /* Cleared by bfd_zalloc above.
+     bfd_ardata (abfd)->cache = NULL;
+     bfd_ardata (abfd)->archive_head = NULL;
+     bfd_ardata (abfd)->symdefs = NULL;
+     bfd_ardata (abfd)->extended_names = NULL;
+     bfd_ardata (abfd)->extended_names_size = 0;
+     bfd_ardata (abfd)->tdata = NULL;  */
 
   if (!BFD_SEND (abfd, _bfd_slurp_armap, (abfd))
       || !BFD_SEND (abfd, _bfd_slurp_extended_name_table, (abfd)))
@@ -1067,6 +1068,7 @@ _bfd_slurp_extended_name_table (bfd *abf
 	  strncmp (nextname, "//              ", 16) != 0)
 	{
 	  bfd_ardata (abfd)->extended_names = NULL;
+	  bfd_ardata (abfd)->extended_names_size = 0;
 	  return TRUE;
 	}
 
@@ -1075,7 +1077,11 @@ _bfd_slurp_extended_name_table (bfd *abf
 	return FALSE;
 
       amt = namedata->parsed_size;
-      bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt);
+      if (amt + 1 == 0)
+        goto byebye;
+
+      bfd_ardata (abfd)->extended_names_size = amt;
+      bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt + 1);
       if (bfd_ardata (abfd)->extended_names == NULL)
 	{
 	byebye:
@@ -1098,15 +1104,17 @@ _bfd_slurp_extended_name_table (bfd *abf
 	 trailing '/'.  DOS/NT created archive often have \ in them
 	 We'll fix all problems here..  */
       {
-	char *temp = bfd_ardata (abfd)->extended_names;
+        char *ext_names = bfd_ardata (abfd)->extended_names;
+	char *temp = ext_names;
 	char *limit = temp + namedata->parsed_size;
 	for (; temp < limit; ++temp)
 	  {
 	    if (*temp == '\012')
-	      temp[temp[-1] == '/' ? -1 : 0] = '\0';
+	      temp[temp > ext_names && temp[-1] == '/' ? -1 : 0] = '\0';
 	    if (*temp == '\\')
 	      *temp = '/';
 	  }
+	*limit = '\0';
       }
 
       /* Pad to an even boundary if you have to.  */
Commit	Line	Data
52cb69e7 AM	1	2005-06-21 Jakub Jelinek <jakub@redhat.com>
	2
	3	* libbfd-in.h (struct artdata): Add extended_names_size field.
	4	* libbfd.h: Rebuilt.
	5	* coff-rs600.c (_bfd_xcoff_archive_p): Don't clear fields in freshly
	6	allocated object by bfd_zalloc.
	7	* coff64-rs6000.c (xcoff64_archive_p): Likewise.
	8	* ecoff.c (_bfd_ecoff_archive_p): Likewise.
	9	* archive.c (_bfd_generic_mkarchive, bfd_generic_archive_p): Likewise.
	10	(get_extended_arelt_filename): Fail if index is bigger or equal to
	11	extended_names_size.
	12	(_bfd_generic_read_ar_hdr_mag): Don't set bfd_error_malformed_archive,
	13	get_extended_arelt_filename already did that.
	14	(_bfd_slurp_extended_name_table): Initialize extended_names_size field.
	15	Allocate one extra byte and clear it, in case extended names table
	16	is not terminated.
	17
	18	--- bfd/libbfd-in.h.jj 2005-06-20 12:16:18.000000000 +0200
	19	+++ bfd/libbfd-in.h 2005-06-21 18:45:56.000000000 +0200
	20	@@ -64,6 +64,7 @@ struct artdata {
	21	carsym symdefs; / the symdef entries */
	22	symindex symdef_count; /* how many there are */
	23	char extended_names; / clever intel extension */
	24	+ bfd_size_type extended_names_size; /* Size of extended names */
	25	/* when more compilers are standard C, this can be a time_t */
	26	long armap_timestamp; /* Timestamp value written into armap.
	27	This is used for BSD archives to check
	28	--- bfd/libbfd.h.jj 2005-06-20 12:16:18.000000000 +0200
	29	+++ bfd/libbfd.h 2005-06-21 18:46:32.000000000 +0200
	30	@@ -69,6 +69,7 @@ struct artdata {
	31	carsym symdefs; / the symdef entries */
	32	symindex symdef_count; /* how many there are */
	33	char extended_names; / clever intel extension */
	34	+ bfd_size_type extended_names_size; /* Size of extended names */
	35	/* when more compilers are standard C, this can be a time_t */
	36	long armap_timestamp; /* Timestamp value written into armap.
	37	This is used for BSD archives to check
	38	--- bfd/coff64-rs6000.c.jj 2005-06-09 10:58:49.000000000 +0200
	39	+++ bfd/coff64-rs6000.c 2005-06-21 18:59:07.000000000 +0200
	40	@@ -1983,10 +1983,12 @@ xcoff64_archive_p (abfd)
	41	if (bfd_ardata (abfd) == (struct artdata *) NULL)
	42	goto error_ret_restore;
	43
	44	- bfd_ardata (abfd)->cache = NULL;
	45	- bfd_ardata (abfd)->archive_head = NULL;
	46	- bfd_ardata (abfd)->symdefs = NULL;
	47	- bfd_ardata (abfd)->extended_names = NULL;
	48	+ /* Already cleared by bfd_zalloc above.
	49	+ bfd_ardata (abfd)->cache = NULL;
	50	+ bfd_ardata (abfd)->archive_head = NULL;
	51	+ bfd_ardata (abfd)->symdefs = NULL;
	52	+ bfd_ardata (abfd)->extended_names = NULL;
	53	+ bfd_ardata (abfd)->extended_names_size = 0; */
	54	bfd_ardata (abfd)->first_file_filepos = bfd_scan_vma (hdr.firstmemoff,
	55	(const char **) NULL,
	56	10);
	57	--- bfd/coff-rs6000.c.jj 2005-06-09 10:58:49.000000000 +0200
	58	+++ bfd/coff-rs6000.c 2005-06-21 18:56:11.000000000 +0200
	59	@@ -1294,10 +1294,12 @@ _bfd_xcoff_archive_p (abfd)
	60	if (bfd_ardata (abfd) == (struct artdata *) NULL)
	61	goto error_ret_restore;
	62
	63	- bfd_ardata (abfd)->cache = NULL;
	64	- bfd_ardata (abfd)->archive_head = NULL;
65	- bfd_ardata (abfd)->symdefs = NULL;
66	- bfd_ardata (abfd)->extended_names = NULL;
67	+ /* Cleared by bfd_zalloc above.
68	+ bfd_ardata (abfd)->cache = NULL;
69	+ bfd_ardata (abfd)->archive_head = NULL;
70	+ bfd_ardata (abfd)->symdefs = NULL;
71	+ bfd_ardata (abfd)->extended_names = NULL;
72	+ bfd_ardata (abfd)->extended_names_size = 0; */
73
74	/* Now handle the two formats. */
75	if (magic[1] != 'b')
76	--- bfd/ecoff.c.jj 2005-05-13 23:44:07.000000000 +0200
77	+++ bfd/ecoff.c 2005-06-21 18:59:49.000000000 +0200
78	@@ -3182,11 +3182,13 @@ _bfd_ecoff_archive_p (bfd *abfd)
79	}
80
81	bfd_ardata (abfd)->first_file_filepos = SARMAG;
82	- bfd_ardata (abfd)->cache = NULL;
83	- bfd_ardata (abfd)->archive_head = NULL;
84	- bfd_ardata (abfd)->symdefs = NULL;
85	- bfd_ardata (abfd)->extended_names = NULL;
86	- bfd_ardata (abfd)->tdata = NULL;
87	+ /* Already cleared by bfd_zalloc above.
88	+ bfd_ardata (abfd)->cache = NULL;
89	+ bfd_ardata (abfd)->archive_head = NULL;
90	+ bfd_ardata (abfd)->symdefs = NULL;
91	+ bfd_ardata (abfd)->extended_names = NULL;
92	+ bfd_ardata (abfd)->extended_names_size = 0;
93	+ bfd_ardata (abfd)->tdata = NULL; */
94
95	if (! _bfd_ecoff_slurp_armap (abfd)
96	\|\| ! _bfd_ecoff_slurp_extended_name_table (abfd))
97	--- bfd/archive.c.jj 2005-06-17 15:22:56.000000000 +0200
98	+++ bfd/archive.c 2005-06-21 19:03:51.000000000 +0200
99	@@ -182,11 +182,13 @@ _bfd_generic_mkarchive (bfd *abfd)
100	if (bfd_ardata (abfd) == NULL)
101	return FALSE;
102
103	- bfd_ardata (abfd)->cache = NULL;
104	- bfd_ardata (abfd)->archive_head = NULL;
105	- bfd_ardata (abfd)->symdefs = NULL;
106	- bfd_ardata (abfd)->extended_names = NULL;
107	- bfd_ardata (abfd)->tdata = NULL;
108	+ /* Already cleared by bfd_zalloc above.
109	+ bfd_ardata (abfd)->cache = NULL;
110	+ bfd_ardata (abfd)->archive_head = NULL;
111	+ bfd_ardata (abfd)->symdefs = NULL;
112	+ bfd_ardata (abfd)->extended_names = NULL;
113	+ bfd_ardata (abfd)->extended_names_size = 0;
114	+ bfd_ardata (abfd)->tdata = NULL; */
115
116	return TRUE;
117	}
118	@@ -335,7 +337,7 @@ get_extended_arelt_filename (bfd *arch,
119	errno = 0;
120	/* Skip first char, which is '/' in SVR4 or ' ' in some other variants. */
121	index = strtol (name + 1, NULL, 10);
122	- if (errno != 0)
123	+ if (errno != 0 \|\| index >= bfd_ardata (arch)->extended_names_size)
124	{
125	bfd_set_error (bfd_error_malformed_archive);
126	return NULL;
127	@@ -405,10 +407,7 @@ _bfd_generic_read_ar_hdr_mag (bfd *abfd,
128	{
129	filename = get_extended_arelt_filename (abfd, hdr.ar_name);
130	if (filename == NULL)
131	- {
132	- bfd_set_error (bfd_error_malformed_archive);
133	- return NULL;
134	- }
135	+ return NULL;
136	}
137	/* BSD4.4-style long filename.
138	Only implemented for reading, so far! */
139	@@ -629,11 +628,13 @@ bfd_generic_archive_p (bfd *abfd)
140	}
141
142	bfd_ardata (abfd)->first_file_filepos = SARMAG;
143	- bfd_ardata (abfd)->cache = NULL;
144	- bfd_ardata (abfd)->archive_head = NULL;
145	- bfd_ardata (abfd)->symdefs = NULL;
146	- bfd_ardata (abfd)->extended_names = NULL;
147	- bfd_ardata (abfd)->tdata = NULL;
148	+ /* Cleared by bfd_zalloc above.
149	+ bfd_ardata (abfd)->cache = NULL;
150	+ bfd_ardata (abfd)->archive_head = NULL;
151	+ bfd_ardata (abfd)->symdefs = NULL;
152	+ bfd_ardata (abfd)->extended_names = NULL;
153	+ bfd_ardata (abfd)->extended_names_size = 0;
154	+ bfd_ardata (abfd)->tdata = NULL; */
155
156	if (!BFD_SEND (abfd, _bfd_slurp_armap, (abfd))
157	\|\| !BFD_SEND (abfd, _bfd_slurp_extended_name_table, (abfd)))
158	@@ -1067,6 +1068,7 @@ _bfd_slurp_extended_name_table (bfd *abf
159	strncmp (nextname, "// ", 16) != 0)
160	{
161	bfd_ardata (abfd)->extended_names = NULL;
162	+ bfd_ardata (abfd)->extended_names_size = 0;
163	return TRUE;
164	}
165
166	@@ -1075,7 +1077,11 @@ _bfd_slurp_extended_name_table (bfd *abf
167	return FALSE;
168
169	amt = namedata->parsed_size;
170	- bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt);
171	+ if (amt + 1 == 0)
172	+ goto byebye;
173	+
174	+ bfd_ardata (abfd)->extended_names_size = amt;
175	+ bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt + 1);
176	if (bfd_ardata (abfd)->extended_names == NULL)
177	{
178	byebye:
179	@@ -1098,15 +1104,17 @@ _bfd_slurp_extended_name_table (bfd *abf
180	trailing '/'. DOS/NT created archive often have \ in them
181	We'll fix all problems here.. */
182	{
183	- char *temp = bfd_ardata (abfd)->extended_names;
184	+ char *ext_names = bfd_ardata (abfd)->extended_names;
185	+ char *temp = ext_names;
186	char *limit = temp + namedata->parsed_size;
187	for (; temp < limit; ++temp)
188	{
189	if (*temp == '\012')
190	- temp[temp[-1] == '/' ? -1 : 0] = '\0';
191	+ temp[temp > ext_names && temp[-1] == '/' ? -1 : 0] = '\0';
192	if (*temp == '\\')
193	*temp = '/';
194	}
195	+ *limit = '\0';
196	}
197
198	/* Pad to an even boundary if you have to. */