This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: PATCH: Check S-record with 0 size


On Thu, Aug 28, 2014 at 08:25:34AM -0700, H.J. Lu wrote:
> Hi,
> 
> I checked in this patch to fix S-record with 0 size reported at
> 
> http://lists.gnu.org/archive/html/bug-binutils/2014-08/msg00110.html

We should really be testing for other invalid byte counts.

    	* srec.c (srec_scan): Revert last change.  Report an error for
    	S-records with less than the miniumum byte count.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 6484c91..3e005c9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-29  Alan Modra  <amodra@gmail.com>
+
+	* srec.c (srec_scan): Revert last change.  Report an error for
+	S-records with less than the miniumum byte count.
+
 2014-08-28  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* srec.c (srec_scan): Return error for 0 size.
diff --git a/bfd/srec.c b/bfd/srec.c
index d979bf5..42143c7 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -453,7 +453,7 @@ srec_scan (bfd *abfd)
 	  {
 	    file_ptr pos;
 	    char hdr[3];
-	    unsigned int bytes;
+	    unsigned int bytes, min_bytes;
 	    bfd_vma address;
 	    bfd_byte *data;
 	    unsigned char check_sum;
@@ -476,6 +476,19 @@ srec_scan (bfd *abfd)
 	      }
 
 	    check_sum = bytes = HEX (hdr + 1);
+	    min_bytes = 3;
+	    if (hdr[0] == '2' || hdr[0] == '8')
+	      min_bytes = 4;
+	    else if (hdr[0] == '3' || hdr[0] == '7')
+	      min_bytes = 5;
+	    if (bytes < min_bytes)
+	      {
+		(*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
+				       abfd, lineno, bytes);
+		bfd_set_error (bfd_error_bad_value);
+		goto error_return;
+	      }
+
 	    if (bytes * 2 > bufsize)
 	      {
 		if (buf != NULL)
@@ -486,8 +499,7 @@ srec_scan (bfd *abfd)
 		bufsize = bytes * 2;
 	      }
 
-	    if (bytes == 0
-		|| bfd_bread (buf, (bfd_size_type) bytes * 2, abfd) != bytes * 2)
+	    if (bfd_bread (buf, (bfd_size_type) bytes * 2, abfd) != bytes * 2)
 	      goto error_return;
 
 	    /* Ignore the checksum byte.  */

-- 
Alan Modra
Australia Development Lab, IBM


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]