ubsan: alpha-vma: timeout

Message ID 20200113014753.GL4433@bubble.grove.modra.org
State New

Commit Message

Alan Modra Jan. 13, 2020, 1:47 a.m.
Allowing a zero length record of course is inviting a fuzzer to find a
testcase that makes no progress.

	* vms-alpha.c (_bfd_vms_slurp_egsd): Ensure minimum size even
	for "ignored" records.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 73e7285384..32f4e68bbb 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1217,6 +1217,16 @@  _bfd_vms_slurp_egsd (bfd *abfd)
 	  return FALSE;
 	}
 
+      if (gsd_size < 4)
+	{
+	too_small:
+	  _bfd_error_handler (_("corrupt EGSD record type %d: size (%#x) "
+				"is too small"),
+			      gsd_type, gsd_size);
+	  bfd_set_error (bfd_error_bad_value);
+	  return FALSE;
+	}
+
       switch (gsd_type)
 	{
 	case EGSD__C_PSC:
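Review bot: The literal `4` in the added `if (gsd_size < 4)` guard is unexplained, and nothing in the hunk says why that is the floor for every record type, including the "ignored" ones the ChangeLog entry mentions. It presumably matches the record's leading type and size fields, which are read outside this hunk, so a comment above the check would help, e.g. `/* A record must at least cover its own type and size fields; a shorter one would never advance the scan of a corrupt file. */`. The `too_small:` label now sits inside this `if` body and is entered by `goto too_small` from the `EGSD__C_PSC` case in the next hunk, which is legal C but easy to break when editing, so a short `/* Also reached by goto from the per-type size checks below. */` on the label is worth adding. The body of `_bfd_vms_slurp_egsd` starts and ends outside the hunk, so whether the other cases keep their own field-offset checks against `gsd_size` cannot be confirmed here; the new floor only guarantees progress, not that a given type's fields fit.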
@@ -1227,14 +1237,7 @@  _bfd_vms_slurp_egsd (bfd *abfd)
 	    asection *section;
 
 	    if (offsetof (struct vms_egps, flags) + 2 > gsd_size)
-	      {
-	      too_small:
-		_bfd_error_handler (_("corrupt EGSD record type %d: size (%#x) "
-				      "is too small"),
-				    gsd_type, gsd_size);
-		bfd_set_error (bfd_error_bad_value);
-		return FALSE;
-	      }
+	      goto too_small;
 	    vms_flags = bfd_getl16 (egps->flags);
 
 	    if ((vms_flags & EGPS__V_REL) == 0)