ref: 5b002ffca45fa45171f1bde5fc009b8ed085249d
parent: 3cc8de7beda4e1a99a33728014953fc1158a336a
author: Roberto E. Vargas Caballero <k0ga@shike2.com>
date: Wed Oct 27 04:52:26 EDT 2021
libmach/coff32: Improve error checks Cases with a zero number of items were not correctly handled, and in some cases dangling pointers were generated.
--- a/src/libmach/coff32/coff32read.c
+++ b/src/libmach/coff32/coff32read.c
@@ -148,6 +148,9 @@
coff = obj->data;
hdr = &coff->hdr;
+ coff->strsiz = 0;
+ coff->strtbl = NULL;
+
if (hdr->f_nsyms == 0)
return 1;
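Review bot: The placement of the two new resets above the `if (hdr->f_nsyms == 0)` early return is the actual fix, but nothing says so, and a later tidy-up could move them back next to the size check where `coff->strsiz = 0;` used to live. A one-line comment ahead of them, `/* reset before the early return: a zero-symbol object must not keep a stale string table */`, would pin the intent. The enclosing function starts before this hunk, so whether the fields were already cleared at allocation time cannot be seen here.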
@@ -154,7 +157,6 @@
if (fread(buf, 4, 1, fp) != 1)
return 0;
unpack(ORDER(obj->type), buf, "l", &siz);
- coff->strsiz = 0;
if (siz < 4 || siz > SIZE_MAX) {
errno = ERANGE;
return 0;
@@ -184,6 +186,9 @@
coff = obj->data;
hdr = &coff->hdr;
+ if (hdr->f_nscns == 0)
+ return 1;
+
rels = calloc(hdr->f_nscns, sizeof(*rels));
if (!rels)
return 0;
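Review bot: The new `if (hdr->f_nscns == 0) return 1;` returns before anything is stored into the coff field that `rels` is later assigned to, whereas the first hunk clears `coff->strtbl` before its own early return; the same asymmetry appears in the hunks at -261 (`coff->scns`, assigned only after calloc) and -290 (`coff->lines`, likewise). If `obj->data` is not zero-allocated by the caller, those fields stay indeterminate on the zero-section path, which is the dangling-pointer condition the commit message describes. Clearing the field before returning, e.g. `coff->scns = NULL;` ahead of `return 1;` in each function (and the corresponding relocation field here, whose name is outside this hunk), would make the three paths consistent with the string-table one. The enclosing functions start before their hunks, so an earlier reset cannot be ruled out from here.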
@@ -261,13 +266,14 @@
coff = obj->data;
hdr = &coff->hdr;
- if (hdr->f_nscns > 0) {
- scn = calloc(hdr->f_nscns, sizeof(*scn));
- if (!scn)
- return 0;
- coff->scns = scn;
- }
+ if (hdr->f_nscns == 0)
+ return 1;
+ scn = calloc(hdr->f_nscns, sizeof(*scn));
+ if (!scn)
+ return 0;
+ coff->scns = scn;
+
for (i = 0; i < hdr->f_nscns; i++) {
if (fread(buf, SCNHSZ, 1, fp) < 0)
return 0;
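Review bot: The loop the new code now falls into tests `if (fread(buf, SCNHSZ, 1, fp) < 0)`, but fread returns size_t and can never be negative, so a short or failed read of a section header is not detected and `buf` is consumed with stale contents. The check in the string-table hunk uses `!= 1`; changing this one to `if (fread(buf, SCNHSZ, 1, fp) != 1)` would match it and actually catch the error. The enclosing function continues past the end of the hunk.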
@@ -290,7 +296,10 @@
coff = obj->data;
hdr = &coff->hdr;
- lines = calloc(sizeof(lp), hdr->f_nscns);
+ if (hdr->f_nscns == 0)
+ return 1;
+
+ lines = calloc(hdr->f_nscns, sizeof(lp));
if (!lines)
return 0;
coff->lines = lines;