1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
$NetBSD: patch-libgputils_gparchive.c,v 1.2 2018/06/25 14:01:45 bouyer Exp $
Be more paranoid about input, pursuant to a build failure in sdcc3
that seems to involve gplib trying to allocate gigs of memory.
--- libgputils/gparchive.c.orig 2016-08-12 15:14:27.000000000 +0200
+++ libgputils/gparchive.c 2018-06-25 14:40:35.697419998 +0200
@@ -378,10 +378,18 @@
/* read the object file or symbol index into memory */
sscanf(new->header.ar_size, "%il", &object_size);
+ if (object_size < 0) {
+ gp_error("bad archive \"%s\" (negative entry size)", File_name);
+ }
+ /* sanity check */
+ if (object_size > 100*1024*1024) {
+ gp_error("bad archive \"%s\" (unreasonable entry size %d)", File_name,
+ object_size);
+ }
new->data.size = object_size;
new->data.file = (uint8_t *)GP_Malloc(object_size);
if (fread(new->data.file, sizeof(char), object_size, infile) != object_size) {
- gp_error("bad archive \"%s\"", File_name);
+ gp_error("bad archive \"%s\" (read error)", File_name);
}
/* insert the new member in the archive list */
|
