summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--bfd/ChangeLog3
-rw-r--r--bfd/peXXigen.c14
2 files changed, 12 insertions, 5 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 6e393a3216b..a34bc4663b3 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,8 @@
2016-03-22 Nick Clifton <nickc@redhat.com>
+ * peXXigen.c (_bfd_XXi_write_codeview_record): Fix possible
+ unbounded stack use.
+
* warning.m4 (GCC_WARN_CFLAGS): Only add -Wstack-usage if using a
sufficiently recent version of GCC.
* configure: Regenerate.
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index b80f981c258..c92c1eaf5c0 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -62,6 +62,7 @@
#include "libbfd.h"
#include "coff/internal.h"
#include "bfdver.h"
+#include "libiberty.h"
#ifdef HAVE_WCHAR_H
#include <wchar.h>
#endif
@@ -1195,13 +1196,15 @@ _bfd_XXi_slurp_codeview_record (bfd * abfd, file_ptr where, unsigned long length
unsigned int
_bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinfo)
{
- unsigned int size = sizeof (CV_INFO_PDB70) + 1;
+ const bfd_size_type size = sizeof (CV_INFO_PDB70) + 1;
+ bfd_size_type written;
CV_INFO_PDB70 *cvinfo70;
- char buffer[size];
+ char * buffer;
if (bfd_seek (abfd, where, SEEK_SET) != 0)
return 0;
+ buffer = xmalloc (size);
cvinfo70 = (CV_INFO_PDB70 *) buffer;
H_PUT_32 (abfd, CVINFO_PDB70_CVSIGNATURE, cvinfo70->CvSignature);
@@ -1215,10 +1218,11 @@ _bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinf
H_PUT_32 (abfd, cvinfo->Age, cvinfo70->Age);
cvinfo70->PdbFileName[0] = '\0';
- if (bfd_bwrite (buffer, size, abfd) != size)
- return 0;
+ written = bfd_bwrite (buffer, size, abfd);
+
+ free (buffer);
- return size;
+ return written == size ? size : 0;
}
static char * dir_names[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] =