XCOFF archive sanity check

Message ID ZBb3oOZ4J35lf6nK@squeak.grove.modra.org
State Repeat Merge
Series XCOFF archive sanity check

Checks

Context Check Description
snail/binutils-gdb-check warning Git am fail log

Commit Message

Alan Modra March 19, 2023, 11:53 a.m. UTC
  XCOFF archive elements are in a linked list.  Add a little more sanity
checking.  This of course doesn't stop the fuzzers finding a way to
make a loop, but this check is cheap.

	* coff-rs6000.c (_bfd_xcoff_openr_next_archived_file): Sanity
	check that next element isn't pointing back to the header.
  

Patch

diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c
index 4b7b5d315df..735d434951e 100644
--- a/bfd/coff-rs6000.c
+++ b/bfd/coff-rs6000.c
@@ -1714,8 +1714,11 @@  _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file)
 	  laststart -= SIZEOF_AR_HDR + arel->extra_size;
 	}
 
-      /* Sanity check that we aren't pointing into the previous element.  */
-      if (filestart != 0 && filestart >= laststart && filestart < lastend)
+      /* Sanity check that we aren't pointing into the previous element,
+	 or into the header.  */
+      if (filestart != 0
+	  && (filestart < SIZEOF_AR_FILE_HDR
+	      || (filestart >= laststart && filestart < lastend)))
 	{
 	  bfd_set_error (bfd_error_malformed_archive);
 	  return NULL;
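Review bot: The added `filestart < SIZEOF_AR_FILE_HDR` arm only rejects a next-element offset that lands inside the fixed archive header. An offset pointing back at any earlier element other than the immediately previous one matches neither arm of the condition and is still accepted, so the list can still cycle, as the commit message acknowledges. Consider saying so in the comment (for example "This does not detect loops through earlier elements") so the check is not later read as loop protection, and consider whether code walking the list needs a separate bound on the number of elements visited.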
@@ -1747,8 +1750,11 @@  _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file)
 	  laststart -= SIZEOF_AR_HDR_BIG + arel->extra_size;
 	}
 
-      /* Sanity check that we aren't pointing into the previous element.  */
-      if (filestart != 0 && filestart >= laststart && filestart < lastend)
+      /* Sanity check that we aren't pointing into the previous element
+	 or into the header.  */
+      if (filestart != 0
+	  && (filestart < SIZEOF_AR_FILE_HDR_BIG
+	      || (filestart >= laststart && filestart < lastend)))
 	{
 	  bfd_set_error (bfd_error_malformed_archive);
 	  return NULL;
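Review bot: The comment in this big-archive branch reads "previous element or into the header" without the comma used in the matching comment of the first hunk; make the two identical. The condition is also duplicated between the two branches apart from `SIZEOF_AR_FILE_HDR_BIG` versus `SIZEOF_AR_FILE_HDR`, so a small static helper taking the header size, `laststart` and `lastend` would keep the two copies from drifting apart if the check is tightened later.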