[packages/binutils.git] / binutils-CVE-2019-9075.patch

diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
--- binutils.orig/bfd/archive64.c	2019-02-26 11:17:11.882530151 +0000
+++ binutils-2.31.1/bfd/archive64.c	2019-02-26 11:19:18.422488805 +0000
@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
     return FALSE;
   carsyms = ardata->symdefs;
   stringbase = ((char *) ardata->symdefs) + carsym_size;
-  stringbase[stringsize] = 0;
-  stringend = stringbase + stringsize;
 
   raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
   if (raw_armap == NULL)
@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
       goto release_raw_armap;
     }
 
+  stringend = stringbase + stringsize;
+  *stringend = 0;
   for (i = 0; i < nsymz; i++)
     {
       carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
       carsyms->name = stringbase;
-      if (stringbase < stringend)
-	stringbase += strlen (stringbase) + 1;
+      stringbase += strlen (stringbase);
+      if (stringbase != stringend)
+	++stringbase;
       ++carsyms;
     }
-  *stringbase = '\0';
 
   ardata->symdef_count = nsymz;
   ardata->first_file_filepos = bfd_tell (abfd);
diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
--- binutils.orig/bfd/archive.c	2019-02-26 11:17:11.884530134 +0000
+++ binutils-2.31.1/bfd/archive.c	2019-02-26 11:18:33.354859687 +0000
@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
   int *raw_armap, *rawptr;
   struct artdata *ardata = bfd_ardata (abfd);
   char *stringbase;
+  char *stringend;
   bfd_size_type stringsize;
   bfd_size_type parsed_size;
   carsym *carsyms;
@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
     }
 
   /* OK, build the carsyms.  */
-  for (i = 0; i < nsymz && stringsize > 0; i++)
+  stringend = stringbase + stringsize;
+  *stringend = 0;
+  for (i = 0; i < nsymz; i++)
     {
       bfd_size_type len;
 
       rawptr = raw_armap + i;
       carsyms->file_offset = swap ((bfd_byte *) rawptr);
       carsyms->name = stringbase;
-      /* PR 17512: file: 4a1d50c1.  */
-      len = strnlen (stringbase, stringsize);
-      if (len < stringsize)
-	len ++;
-      stringbase += len;
-      stringsize -= len;
+      stringbase += strlen (stringbase);
+      if (stringbase != stringend)
+	++stringbase;
       carsyms++;
     }
-  *stringbase = 0;
 
   ardata->symdef_count = nsymz;
   ardata->first_file_filepos = bfd_tell (abfd);
Commit	Line	Data
46bb8853 AM	1	diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
	2	--- binutils.orig/bfd/archive64.c 2019-02-26 11:17:11.882530151 +0000
	3	+++ binutils-2.31.1/bfd/archive64.c 2019-02-26 11:19:18.422488805 +0000
	4	@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
	5	return FALSE;
	6	carsyms = ardata->symdefs;
	7	stringbase = ((char *) ardata->symdefs) + carsym_size;
	8	- stringbase[stringsize] = 0;
	9	- stringend = stringbase + stringsize;
	10
	11	raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
	12	if (raw_armap == NULL)
	13	@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
	14	goto release_raw_armap;
	15	}
	16
	17	+ stringend = stringbase + stringsize;
	18	+ *stringend = 0;
	19	for (i = 0; i < nsymz; i++)
	20	{
	21	carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
	22	carsyms->name = stringbase;
	23	- if (stringbase < stringend)
	24	- stringbase += strlen (stringbase) + 1;
	25	+ stringbase += strlen (stringbase);
	26	+ if (stringbase != stringend)
	27	+ ++stringbase;
	28	++carsyms;
	29	}
	30	- *stringbase = '\0';
	31
	32	ardata->symdef_count = nsymz;
	33	ardata->first_file_filepos = bfd_tell (abfd);
	34	diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
	35	--- binutils.orig/bfd/archive.c 2019-02-26 11:17:11.884530134 +0000
	36	+++ binutils-2.31.1/bfd/archive.c 2019-02-26 11:18:33.354859687 +0000
	37	@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
	38	int raw_armap, rawptr;
	39	struct artdata *ardata = bfd_ardata (abfd);
	40	char *stringbase;
	41	+ char *stringend;
	42	bfd_size_type stringsize;
	43	bfd_size_type parsed_size;
	44	carsym *carsyms;
	45	@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
	46	}
	47
	48	/* OK, build the carsyms. */
	49	- for (i = 0; i < nsymz && stringsize > 0; i++)
	50	+ stringend = stringbase + stringsize;
	51	+ *stringend = 0;
	52	+ for (i = 0; i < nsymz; i++)
	53	{
	54	bfd_size_type len;
	55
	56	rawptr = raw_armap + i;
	57	carsyms->file_offset = swap ((bfd_byte *) rawptr);
	58	carsyms->name = stringbase;
	59	- /* PR 17512: file: 4a1d50c1. */
	60	- len = strnlen (stringbase, stringsize);
	61	- if (len < stringsize)
	62	- len ++;
	63	- stringbase += len;
	64	- stringsize -= len;
65	+ stringbase += strlen (stringbase);
66	+ if (stringbase != stringend)
67	+ ++stringbase;
68	carsyms++;
69	}
70	- *stringbase = 0;
71
72	ardata->symdef_count = nsymz;
73	ardata->first_file_filepos = bfd_tell (abfd);