PR32136, Use-of-uninitialized-memory in evax_bfd_print_image

Message ID ZtlT1NG2HEFSqHAJ@squeak.grove.modra.org
State New
Series PR32136, Use-of-uninitialized-memory in evax_bfd_print_image |

Checks

Context Check Description
linaro-tcwg-bot/tcwg_binutils_build--master-arm warning Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64 warning Patch is already merged

Commit Message

Alan Modra Sept. 5, 2024, 6:46 a.m. UTC
  PR 32136
	 * vms-alpha.c (evax_bfd_print_image): Sanity check various string
	 lengths.
  

Patch

diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 6eea61df08a..df279bc4f68 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -8330,18 +8330,26 @@  evax_bfd_print_image (bfd *abfd, FILE *file)
 	}
       /* xgettext:c-format */
       fprintf (file, _("Image identification: (major: %u, minor: %u)\n"),
-	       (unsigned)bfd_getl32 (eihi.majorid),
-	       (unsigned)bfd_getl32 (eihi.minorid));
-      fprintf (file, _(" image name       : %.*s\n"),
-	       eihi.imgnam[0], eihi.imgnam + 1);
+	       (unsigned) bfd_getl32 (eihi.majorid),
+	       (unsigned) bfd_getl32 (eihi.minorid));
+      unsigned int nlen = eihi.imgnam[0];
+      if (nlen > sizeof (eihi.imgnam) - 1)
+	nlen = sizeof (eihi.imgnam) - 1;
+      fprintf (file, _(" image name       : %.*s\n"), nlen, eihi.imgnam + 1);
       fprintf (file, _(" link time        : %s\n"),
 	       vms_time_to_str (eihi.linktime));
-      fprintf (file, _(" image ident      : %.*s\n"),
-	       eihi.imgid[0], eihi.imgid + 1);
-      fprintf (file, _(" linker ident     : %.*s\n"),
-	       eihi.linkid[0], eihi.linkid + 1);
-      fprintf (file, _(" image build ident: %.*s\n"),
-	       eihi.imgbid[0], eihi.imgbid + 1);
+      nlen = eihi.imgid[0];
+      if (nlen > sizeof (eihi.imgid) - 1)
+	nlen = sizeof (eihi.imgid) - 1;
+      fprintf (file, _(" image ident      : %.*s\n"), nlen, eihi.imgid + 1);
+      nlen = eihi.linkid[0];
+      if (nlen > sizeof (eihi.linkid) - 1)
+	nlen = sizeof (eihi.linkid) - 1;
+      fprintf (file, _(" linker ident     : %.*s\n"), nlen, eihi.linkid + 1);
+      nlen = eihi.imgbid[0];
+      if (nlen > sizeof (eihi.imgbid) -1 )
+	nlen = sizeof (eihi.imgbid) - 1;
+      fprintf (file, _(" image build ident: %.*s\n"), nlen, eihi.imgbid + 1);
     }
   if (eihs_off != 0)
     {
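Review bot: The same three-line clamp on a file-supplied length byte is now written out four times in this hunk, and again for `eisd.gblnam` and `shl->imgnam` in the later hunks. A single small static helper that takes the field pointer and `sizeof` the field and returns the clamped length would make it harder to miss a site or mistype one. The copy for `imgbid` has already picked up a spacing slip, `sizeof (eihi.imgbid) -1 )`, which should read `if (nlen > sizeof (eihi.imgbid) - 1)`. A one-line comment at the first site would also help, for example `/* Counted string: byte 0 is a length read from the file and may exceed the field.  */`. The body of evax_bfd_print_image starts and ends outside this hunk.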
@@ -8474,10 +8482,15 @@  evax_bfd_print_image (bfd *abfd, FILE *file)
 	}
       fputs (_(")\n"), file);
       if (val & EISD__M_GBL)
-	/* xgettext:c-format */
-	fprintf (file, _(" ident: 0x%08x, name: %.*s\n"),
-		 (unsigned)bfd_getl32 (eisd.ident),
-		 eisd.gblnam[0], eisd.gblnam + 1);
+	{
+	  unsigned int nlen = eisd.gblnam[0];
+	  if (nlen > sizeof (eisd.gblnam) - 1)
+	    nlen = sizeof (eisd.gblnam) - 1;
+	  /* xgettext:c-format */
+	  fprintf (file, _(" ident: 0x%08x, name: %.*s\n"),
+		   (unsigned) bfd_getl32 (eisd.ident),
+		   nlen, eisd.gblnam + 1);
+	}
       eisd_off += len;
     }
 
@@ -8628,11 +8641,14 @@  evax_bfd_print_image (bfd *abfd, FILE *file)
 	       j++, shlstoff += sizeof (struct vms_shl))
 	    {
 	      struct vms_shl *shl = (struct vms_shl *) (buf + shlstoff);
+	      unsigned int nlen = shl->imgnam[0];
+	      if (nlen > sizeof (shl->imgnam) - 1)
+		nlen = sizeof (shl->imgnam) - 1;
 	      fprintf (file,
 		       /* xgettext:c-format */
 		       _("  %u: size: %u, flags: 0x%02x, name: %.*s\n"),
 		       j, shl->size, shl->flags,
-		       shl->imgnam[0], shl->imgnam + 1);
+		       nlen, shl->imgnam + 1);
 	    }
 	}
       if (qrelfixoff != 0)
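Review bot: The clamp on `nlen` keeps the `%.*s` read inside `shl->imgnam`, but nothing in this hunk shows that the whole `struct vms_shl` at `buf + shlstoff` lies inside `buf`. The loop header and the code that sizes `buf` are outside the hunk, so this may already be checked there. If it is not, `shl->imgnam[0]`, `shl->size` and `shl->flags` are read from a file-controlled offset before the new clamp can help. The loop should then stop as soon as `shlstoff + sizeof (struct vms_shl)` would exceed the number of bytes actually read into `buf`. If the check does exist, a short comment above the cast saying where it is done would save the next reader the search.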