diff options
| author | Alan Modra <amodra@gmail.com> | 2021-07-30 13:07:12 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-07-30 15:33:07 +0930 |
| commit | 237877b8183a23ecc889b5c796c210aac9cfb742 (patch) | |
| tree | aefe79fcfa2b5a985b22b42ee423716a66a172fb /binutils/readelf.c | |
| parent | 5cfe19e51ee06feb191b33a934bcf6cfaaace7b1 (diff) | |
| download | binutils-gdb-237877b8183a23ecc889b5c796c210aac9cfb742.tar.gz | |
readelf: catch archive_file_size of -1
Fuzzers might put -1 in arhdr.ar_size. If the size is rounded up to
and even number of bytes we get zero.
* readelf.c (process_archive): Don't round up archive_file_size.
Do round up next_arhdr_offset calculation.
Diffstat (limited to 'binutils/readelf.c')
| -rw-r--r-- | binutils/readelf.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c index 5682837ed7b..bd16fcc77ad 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -21789,8 +21789,6 @@ process_archive (Filedata * filedata, bool is_thin_archive) arch.next_arhdr_offset += sizeof arch.arhdr; filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10); - if (filedata->archive_file_size & 01) - ++filedata->archive_file_size; name = get_archive_member_name (&arch, &nested_arch); if (name == NULL) @@ -21894,7 +21892,7 @@ process_archive (Filedata * filedata, bool is_thin_archive) filedata->file_name = qualified_name; if (! process_object (filedata)) ret = false; - arch.next_arhdr_offset += filedata->archive_file_size; + arch.next_arhdr_offset += (filedata->archive_file_size + 1) & -2; /* Stop looping with "negative" archive_file_size. */ if (arch.next_arhdr_offset < filedata->archive_file_size) arch.next_arhdr_offset = -1ul; |