commit 591e4244db86933b8a9993ded234564c35451842
parent 9cb39b5284c0779a969928f0e1cb00d976686bf6
Author: Roberto E. Vargas Caballero <k0ga@shike2.com>
Date: Wed, 27 Oct 2021 08:52:26 +0200
libmach/coff32: Improve error checks
Cases where the number of items was 0 were not handled correctly,
and in some cases dangling pointers were generated.
Diffstat:
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/src/libmach/coff32/coff32read.c b/src/libmach/coff32/coff32read.c
@@ -148,13 +148,15 @@ readstr(Obj *obj, FILE *fp)
coff = obj->data;
hdr = &coff->hdr;
+ coff->strsiz = 0;
+ coff->strtbl = NULL;
+
if (hdr->f_nsyms == 0)
return 1;
if (fread(buf, 4, 1, fp) != 1)
return 0;
unpack(ORDER(obj->type), buf, "l", &siz);
- coff->strsiz = 0;
if (siz < 4 || siz > SIZE_MAX) {
errno = ERANGE;
return 0;
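Review bot: The early return added for `hdr->f_nsyms == 0` now reports success with `coff->strtbl` left NULL and `coff->strsiz` 0, which is the right reset, but nothing at that point records that a NULL table is the expected "no symbols" state rather than the result of a failed read. A comment above the `if (hdr->f_nsyms == 0)` line such as `/* no symbols: no string table follows; strtbl stays NULL, strsiz 0 */` would make that contract visible to callers that index the table. readstr's body continues outside the hunk, so how the later `siz` checks feed the allocation cannot be confirmed from here.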
@@ -184,6 +186,9 @@ readreloc(Obj *obj, FILE *fp)
coff = obj->data;
hdr = &coff->hdr;
+ if (hdr->f_nscns == 0)
+ return 1;
+
rels = calloc(hdr->f_nscns, sizeof(*rels));
if (!rels)
return 0;
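Review bot: The new `hdr->f_nscns == 0` early return succeeds without resetting the field that the `rels` buffer is later stored into (that assignment is outside the hunk), whereas readstr in the same commit explicitly sets `coff->strsiz`/`coff->strtbl` before its own early return. Unless `coff` is zero-initialized by its allocator, which is not visible here, a stale pointer can survive on the "no sections" path, the very dangling-pointer case the commit message describes. Mirroring readstr by assigning NULL to that field before `return 1;` would close the gap; the same applies to `coff->scns` in the readscns hunk and `coff->lines` in the readlines hunk. readreloc's body continues outside the hunk.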
@@ -261,12 +266,13 @@ readscns(Obj *obj, FILE *fp)
coff = obj->data;
hdr = &coff->hdr;
- if (hdr->f_nscns > 0) {
- scn = calloc(hdr->f_nscns, sizeof(*scn));
- if (!scn)
- return 0;
- coff->scns = scn;
- }
+ if (hdr->f_nscns == 0)
+ return 1;
+
+ scn = calloc(hdr->f_nscns, sizeof(*scn));
+ if (!scn)
+ return 0;
+ coff->scns = scn;
for (i = 0; i < hdr->f_nscns; i++) {
if (fread(buf, SCNHSZ, 1, fp) < 0)
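Review bot: The section-header read at the end of the hunk, `if (fread(buf, SCNHSZ, 1, fp) < 0)`, can never be true because fread returns size_t, so a truncated file passes the check and the loop continues unpacking whatever `buf` held from the previous iteration (or uninitialized stack on the first). The new `f_nscns` guard does not change this, and since `f_nscns` comes from the file header the loop count is attacker-controlled, so a short read must stop the loop. readstr in this same commit already uses the correct form; use it here too: `if (fread(buf, SCNHSZ, 1, fp) != 1)`. readscns's loop body continues outside the hunk.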
@@ -290,7 +296,10 @@ readlines(Obj *obj, FILE *fp)
coff = obj->data;
hdr = &coff->hdr;
- lines = calloc(sizeof(lp), hdr->f_nscns);
+ if (hdr->f_nscns == 0)
+ return 1;
+
+ lines = calloc(hdr->f_nscns, sizeof(lp));
if (!lines)
return 0;
coff->lines = lines;