svn commit: r342950 - stable/11/usr.bin/ar
Ed Maste
emaste at FreeBSD.org
Fri Jan 11 19:53:47 UTC 2019
Author: emaste
Date: Fri Jan 11 19:53:45 2019
New Revision: 342950
URL: https://svnweb.freebsd.org/changeset/base/342950
Log:
MFC r342575, r342580: ar: detect and error out on 32-bit symbol table overflow
BSD ar currently does not support the /SYM64/ 64-bit symbol table, and
previously truncated to 32-bits, silently producing corrupted archives
larger than 4GB.
PR: 234454
Modified:
stable/11/usr.bin/ar/write.c
Modified: stable/11/usr.bin/ar/write.c
==============================================================================
--- stable/11/usr.bin/ar/write.c Fri Jan 11 19:49:19 2019 (r342949)
+++ stable/11/usr.bin/ar/write.c Fri Jan 11 19:53:45 2019 (r342950)
@@ -627,6 +627,9 @@ write_objs(struct bsdar *bsdar)
if (strlen(obj->name) > _MAXNAMELEN_SVR4)
add_to_ar_str_table(bsdar, obj->name);
bsdar->rela_off += _ARHDR_LEN + obj->size + obj->size % 2;
+ if (bsdar->rela_off > UINT32_MAX)
+ bsdar_errc(bsdar, EX_SOFTWARE, 0,
+ "Symbol table offset overflow");
}
/*
@@ -658,9 +661,13 @@ write_objs(struct bsdar *bsdar)
pm_sz = _ARMAG_LEN + (_ARHDR_LEN + s_sz);
if (bsdar->as != NULL)
pm_sz += _ARHDR_LEN + bsdar->as_sz;
- for (i = 0; (size_t)i < bsdar->s_cnt; i++)
+ for (i = 0; (size_t)i < bsdar->s_cnt; i++) {
+ if (*(bsdar->s_so + i) > UINT32_MAX - pm_sz)
+ bsdar_errc(bsdar, EX_SOFTWARE, 0,
+ "Symbol table offset overflow");
*(bsdar->s_so + i) = htobe32(*(bsdar->s_so + i) +
pm_sz);
+ }
}
if ((a = archive_write_new()) == NULL)
More information about the svn-src-all
mailing list