diff options
| author | Deepthi Hemraj <deepadeepthi98@gmail.com> | 2023-05-03 16:22:09 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-05-10 04:19:56 -1000 |
| commit | 614a9a6f9f6468ce26ba39f00d3b75fe8b82aff1 (patch) | |
| tree | 8d02746b9ea853a31ce87463df2e3268292a02cf | |
| parent | 7535036adba287743beae2009bb5ebca6895141b (diff) | |
| download | poky-614a9a6f9f6468ce26ba39f00d3b75fe8b82aff1.tar.gz | |
binutils : Fix CVE-2023-25584
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44]
(From OE-Core rev: 27278ebd5d102ce5a9d45f94a93932065025657b)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
4 files changed, 631 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index bf44e6c762..69fb8539ba 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc | |||
| @@ -50,5 +50,8 @@ SRC_URI = "\ | |||
| 50 | file://0021-CVE-2023-1579-2.patch \ | 50 | file://0021-CVE-2023-1579-2.patch \ |
| 51 | file://0021-CVE-2023-1579-3.patch \ | 51 | file://0021-CVE-2023-1579-3.patch \ |
| 52 | file://0021-CVE-2023-1579-4.patch \ | 52 | file://0021-CVE-2023-1579-4.patch \ |
| 53 | file://0022-CVE-2023-25584-1.patch \ | ||
| 54 | file://0022-CVE-2023-25584-2.patch \ | ||
| 55 | file://0022-CVE-2023-25584-3.patch \ | ||
| 53 | " | 56 | " |
| 54 | S = "${WORKDIR}/git" | 57 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch new file mode 100644 index 0000000000..990243f5c9 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch | |||
| @@ -0,0 +1,56 @@ | |||
| 1 | From: Alan Modra <amodra@gmail.com> | ||
| 2 | Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030) | ||
| 3 | Subject: ubsan: Null dereference in parse_module | ||
| 4 | X-Git-Tag: gdb-12.1-release~59 | ||
| 5 | X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2 | ||
| 6 | |||
| 7 | ubsan: Null dereference in parse_module | ||
| 8 | |||
| 9 | * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG | ||
| 10 | has set module->func_table for DST__K_RTNEND. Check return | ||
| 11 | of bfd_zalloc. | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2] | ||
| 14 | |||
| 15 | CVE: CVE-2023-25584 | ||
| 16 | |||
| 17 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
| 18 | |||
| 19 | --- | ||
| 20 | |||
| 21 | diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c | ||
| 22 | index 4a92574c850..1129c98f0e2 100644 | ||
| 23 | --- a/bfd/vms-alpha.c | ||
| 24 | +++ b/bfd/vms-alpha.c | ||
| 25 | @@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 26 | |||
| 27 | /* Initialize tables with zero element. */ | ||
| 28 | curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo)); | ||
| 29 | + if (!curr_srec) | ||
| 30 | + return false; | ||
| 31 | module->srec_table = curr_srec; | ||
| 32 | |||
| 33 | curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo)); | ||
| 34 | + if (!curr_line) | ||
| 35 | + return false; | ||
| 36 | module->line_table = curr_line; | ||
| 37 | |||
| 38 | while (length == -1 || ptr < maxptr) | ||
| 39 | @@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 40 | case DST__K_RTNBEG: | ||
| 41 | funcinfo = (struct funcinfo *) | ||
| 42 | bfd_zalloc (abfd, sizeof (struct funcinfo)); | ||
| 43 | + if (!funcinfo) | ||
| 44 | + return false; | ||
| 45 | funcinfo->name | ||
| 46 | = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, | ||
| 47 | maxptr - (ptr + DST_S_B_RTNBEG_NAME)); | ||
| 48 | @@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 49 | break; | ||
| 50 | |||
| 51 | case DST__K_RTNEND: | ||
| 52 | + if (!module->func_table) | ||
| 53 | + return false; | ||
| 54 | module->func_table->high = module->func_table->low | ||
| 55 | + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1; | ||
| 56 | |||
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch new file mode 100644 index 0000000000..f4c5ed2aff --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From da928f639002002dfc649ed9f50492d5d6cb4cee Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Clifton <nickc@redhat.com> | ||
| 3 | Date: Mon, 5 Dec 2022 11:11:44 +0000 | ||
| 4 | Subject: [PATCH] Fix an illegal memory access when parsing a corrupt VMS Alpha | ||
| 5 | file. | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | Fix an illegal memory access when parsing a corrupt VMS Alpha file. | ||
| 11 | |||
| 12 | PR 29848 | ||
| 13 | * vms-alpha.c (parse_module): Fix potential out of bounds memory | ||
| 14 | access. | ||
| 15 | |||
| 16 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=942fa4fb32738ecbb447546d54f1e5f0312d2ed4] | ||
| 17 | |||
| 18 | CVE: CVE-2023-25584 | ||
| 19 | |||
| 20 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
| 21 | |||
| 22 | --- | ||
| 23 | bfd/vms-alpha.c | 2 +- | ||
| 24 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 25 | |||
| 26 | diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c | ||
| 27 | index c548722c..53b3f1bf 100644 | ||
| 28 | --- a/bfd/vms-alpha.c | ||
| 29 | +++ b/bfd/vms-alpha.c | ||
| 30 | @@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 31 | return false; | ||
| 32 | module->line_table = curr_line; | ||
| 33 | |||
| 34 | - while (length == -1 || ptr < maxptr) | ||
| 35 | + while (length == -1 || (ptr + 3) < maxptr) | ||
| 36 | { | ||
| 37 | /* The first byte is not counted in the recorded length. */ | ||
| 38 | int rec_length = bfd_getl16 (ptr) + 1; | ||
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch new file mode 100644 index 0000000000..abe501e570 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch | |||
| @@ -0,0 +1,534 @@ | |||
| 1 | From: Alan Modra <amodra@gmail.com> | ||
| 2 | Date: Mon, 12 Dec 2022 07:58:49 +0000 (+1030) | ||
| 3 | Subject: Lack of bounds checking in vms-alpha.c parse_module | ||
| 4 | X-Git-Tag: gdb-13-branchpoint~87 | ||
| 5 | X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44 | ||
| 6 | |||
| 7 | Lack of bounds checking in vms-alpha.c parse_module | ||
| 8 | |||
| 9 | PR 29873 | ||
| 10 | PR 29874 | ||
| 11 | PR 29875 | ||
| 12 | PR 29876 | ||
| 13 | PR 29877 | ||
| 14 | PR 29878 | ||
| 15 | PR 29879 | ||
| 16 | PR 29880 | ||
| 17 | PR 29881 | ||
| 18 | PR 29882 | ||
| 19 | PR 29883 | ||
| 20 | PR 29884 | ||
| 21 | PR 29885 | ||
| 22 | PR 29886 | ||
| 23 | PR 29887 | ||
| 24 | PR 29888 | ||
| 25 | PR 29889 | ||
| 26 | PR 29890 | ||
| 27 | PR 29891 | ||
| 28 | * vms-alpha.c (parse_module): Make length param bfd_size_type. | ||
| 29 | Delete length == -1 checks. Sanity check record_length. | ||
| 30 | Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths. | ||
| 31 | Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements | ||
| 32 | before accessing. | ||
| 33 | (build_module_list): Pass dst_section size to parse_module. | ||
| 34 | |||
| 35 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44] | ||
| 36 | |||
| 37 | CVE: CVE-2023-25584 | ||
| 38 | |||
| 39 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
| 40 | |||
| 41 | --- | ||
| 42 | |||
| 43 | diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c | ||
| 44 | index c0eb5bc5a2a..3b63259cc81 100644 | ||
| 45 | --- a/bfd/vms-alpha.c | ||
| 46 | +++ b/bfd/vms-alpha.c | ||
| 47 | @@ -4340,7 +4340,7 @@ new_module (bfd *abfd) | ||
| 48 | |||
| 49 | static bool | ||
| 50 | parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 51 | - int length) | ||
| 52 | + bfd_size_type length) | ||
| 53 | { | ||
| 54 | unsigned char *maxptr = ptr + length; | ||
| 55 | unsigned char *src_ptr, *pcl_ptr; | ||
| 56 | @@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 57 | return false; | ||
| 58 | module->line_table = curr_line; | ||
| 59 | |||
| 60 | - while (length == -1 || (ptr + 3) < maxptr) | ||
| 61 | + while (ptr + 3 < maxptr) | ||
| 62 | { | ||
| 63 | /* The first byte is not counted in the recorded length. */ | ||
| 64 | int rec_length = bfd_getl16 (ptr) + 1; | ||
| 65 | @@ -4369,15 +4369,19 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 66 | |||
| 67 | vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length, rec_type)); | ||
| 68 | |||
| 69 | - if (length == -1 && rec_type == DST__K_MODEND) | ||
| 70 | + if (rec_length > maxptr - ptr) | ||
| 71 | + break; | ||
| 72 | + if (rec_type == DST__K_MODEND) | ||
| 73 | break; | ||
| 74 | |||
| 75 | switch (rec_type) | ||
| 76 | { | ||
| 77 | case DST__K_MODBEG: | ||
| 78 | + if (rec_length <= DST_S_B_MODBEG_NAME) | ||
| 79 | + break; | ||
| 80 | module->name | ||
| 81 | = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME, | ||
| 82 | - maxptr - (ptr + DST_S_B_MODBEG_NAME)); | ||
| 83 | + rec_length - DST_S_B_MODBEG_NAME); | ||
| 84 | |||
| 85 | curr_pc = 0; | ||
| 86 | prev_pc = 0; | ||
| 87 | @@ -4391,13 +4395,15 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 88 | break; | ||
| 89 | |||
| 90 | case DST__K_RTNBEG: | ||
| 91 | + if (rec_length <= DST_S_B_RTNBEG_NAME) | ||
| 92 | + break; | ||
| 93 | funcinfo = (struct funcinfo *) | ||
| 94 | bfd_zalloc (abfd, sizeof (struct funcinfo)); | ||
| 95 | if (!funcinfo) | ||
| 96 | return false; | ||
| 97 | funcinfo->name | ||
| 98 | = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, | ||
| 99 | - maxptr - (ptr + DST_S_B_RTNBEG_NAME)); | ||
| 100 | + rec_length - DST_S_B_RTNBEG_NAME); | ||
| 101 | funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS); | ||
| 102 | funcinfo->next = module->func_table; | ||
| 103 | module->func_table = funcinfo; | ||
| 104 | @@ -4407,6 +4413,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 105 | break; | ||
| 106 | |||
| 107 | case DST__K_RTNEND: | ||
| 108 | + if (rec_length < DST_S_L_RTNEND_SIZE + 4) | ||
| 109 | + break; | ||
| 110 | if (!module->func_table) | ||
| 111 | return false; | ||
| 112 | module->func_table->high = module->func_table->low | ||
| 113 | @@ -4439,10 +4447,63 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 114 | |||
| 115 | vms_debug2 ((3, "source info\n")); | ||
| 116 | |||
| 117 | - while (src_ptr < ptr + rec_length) | ||
| 118 | + while (src_ptr - ptr < rec_length) | ||
| 119 | { | ||
| 120 | int cmd = src_ptr[0], cmd_length, data; | ||
| 121 | |||
| 122 | + switch (cmd) | ||
| 123 | + { | ||
| 124 | + case DST__K_SRC_DECLFILE: | ||
| 125 | + if (src_ptr - ptr + DST_S_B_SRC_DF_LENGTH >= rec_length) | ||
| 126 | + cmd_length = 0x10000; | ||
| 127 | + else | ||
| 128 | + cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; | ||
| 129 | + break; | ||
| 130 | + | ||
| 131 | + case DST__K_SRC_DEFLINES_B: | ||
| 132 | + cmd_length = 2; | ||
| 133 | + break; | ||
| 134 | + | ||
| 135 | + case DST__K_SRC_DEFLINES_W: | ||
| 136 | + cmd_length = 3; | ||
| 137 | + break; | ||
| 138 | + | ||
| 139 | + case DST__K_SRC_INCRLNUM_B: | ||
| 140 | + cmd_length = 2; | ||
| 141 | + break; | ||
| 142 | + | ||
| 143 | + case DST__K_SRC_SETFILE: | ||
| 144 | + cmd_length = 3; | ||
| 145 | + break; | ||
| 146 | + | ||
| 147 | + case DST__K_SRC_SETLNUM_L: | ||
| 148 | + cmd_length = 5; | ||
| 149 | + break; | ||
| 150 | + | ||
| 151 | + case DST__K_SRC_SETLNUM_W: | ||
| 152 | + cmd_length = 3; | ||
| 153 | + break; | ||
| 154 | + | ||
| 155 | + case DST__K_SRC_SETREC_L: | ||
| 156 | + cmd_length = 5; | ||
| 157 | + break; | ||
| 158 | + | ||
| 159 | + case DST__K_SRC_SETREC_W: | ||
| 160 | + cmd_length = 3; | ||
| 161 | + break; | ||
| 162 | + | ||
| 163 | + case DST__K_SRC_FORMFEED: | ||
| 164 | + cmd_length = 1; | ||
| 165 | + break; | ||
| 166 | + | ||
| 167 | + default: | ||
| 168 | + cmd_length = 2; | ||
| 169 | + break; | ||
| 170 | + } | ||
| 171 | + | ||
| 172 | + if (src_ptr - ptr + cmd_length > rec_length) | ||
| 173 | + break; | ||
| 174 | + | ||
| 175 | switch (cmd) | ||
| 176 | { | ||
| 177 | case DST__K_SRC_DECLFILE: | ||
| 178 | @@ -4467,7 +4528,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 179 | |||
| 180 | module->file_table [fileid].name = filename; | ||
| 181 | module->file_table [fileid].srec = 1; | ||
| 182 | - cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2; | ||
| 183 | vms_debug2 ((4, "DST_S_C_SRC_DECLFILE: %d, %s\n", | ||
| 184 | fileid, module->file_table [fileid].name)); | ||
| 185 | } | ||
| 186 | @@ -4484,7 +4544,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 187 | srec->sfile = curr_srec->sfile; | ||
| 188 | curr_srec->next = srec; | ||
| 189 | curr_srec = srec; | ||
| 190 | - cmd_length = 2; | ||
| 191 | vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_B: %d\n", data)); | ||
| 192 | break; | ||
| 193 | |||
| 194 | @@ -4499,14 +4558,12 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 195 | srec->sfile = curr_srec->sfile; | ||
| 196 | curr_srec->next = srec; | ||
| 197 | curr_srec = srec; | ||
| 198 | - cmd_length = 3; | ||
| 199 | vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_W: %d\n", data)); | ||
| 200 | break; | ||
| 201 | |||
| 202 | case DST__K_SRC_INCRLNUM_B: | ||
| 203 | data = src_ptr[DST_S_B_SRC_UNSBYTE]; | ||
| 204 | curr_srec->line += data; | ||
| 205 | - cmd_length = 2; | ||
| 206 | vms_debug2 ((4, "DST_S_C_SRC_INCRLNUM_B: %d\n", data)); | ||
| 207 | break; | ||
| 208 | |||
| 209 | @@ -4514,21 +4571,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 210 | data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); | ||
| 211 | curr_srec->sfile = data; | ||
| 212 | curr_srec->srec = module->file_table[data].srec; | ||
| 213 | - cmd_length = 3; | ||
| 214 | vms_debug2 ((4, "DST_S_C_SRC_SETFILE: %d\n", data)); | ||
| 215 | break; | ||
| 216 | |||
| 217 | case DST__K_SRC_SETLNUM_L: | ||
| 218 | data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); | ||
| 219 | curr_srec->line = data; | ||
| 220 | - cmd_length = 5; | ||
| 221 | vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_L: %d\n", data)); | ||
| 222 | break; | ||
| 223 | |||
| 224 | case DST__K_SRC_SETLNUM_W: | ||
| 225 | data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); | ||
| 226 | curr_srec->line = data; | ||
| 227 | - cmd_length = 3; | ||
| 228 | vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_W: %d\n", data)); | ||
| 229 | break; | ||
| 230 | |||
| 231 | @@ -4536,7 +4590,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 232 | data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG); | ||
| 233 | curr_srec->srec = data; | ||
| 234 | module->file_table[curr_srec->sfile].srec = data; | ||
| 235 | - cmd_length = 5; | ||
| 236 | vms_debug2 ((4, "DST_S_C_SRC_SETREC_L: %d\n", data)); | ||
| 237 | break; | ||
| 238 | |||
| 239 | @@ -4544,19 +4597,16 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 240 | data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD); | ||
| 241 | curr_srec->srec = data; | ||
| 242 | module->file_table[curr_srec->sfile].srec = data; | ||
| 243 | - cmd_length = 3; | ||
| 244 | vms_debug2 ((4, "DST_S_C_SRC_SETREC_W: %d\n", data)); | ||
| 245 | break; | ||
| 246 | |||
| 247 | case DST__K_SRC_FORMFEED: | ||
| 248 | - cmd_length = 1; | ||
| 249 | vms_debug2 ((4, "DST_S_C_SRC_FORMFEED\n")); | ||
| 250 | break; | ||
| 251 | |||
| 252 | default: | ||
| 253 | _bfd_error_handler (_("unknown source command %d"), | ||
| 254 | cmd); | ||
| 255 | - cmd_length = 2; | ||
| 256 | break; | ||
| 257 | } | ||
| 258 | |||
| 259 | @@ -4569,18 +4619,114 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 260 | |||
| 261 | vms_debug2 ((3, "line info\n")); | ||
| 262 | |||
| 263 | - while (pcl_ptr < ptr + rec_length) | ||
| 264 | + while (pcl_ptr - ptr < rec_length) | ||
| 265 | { | ||
| 266 | /* The command byte is signed so we must sign-extend it. */ | ||
| 267 | int cmd = ((signed char *)pcl_ptr)[0], cmd_length, data; | ||
| 268 | |||
| 269 | + switch (cmd) | ||
| 270 | + { | ||
| 271 | + case DST__K_DELTA_PC_W: | ||
| 272 | + cmd_length = 3; | ||
| 273 | + break; | ||
| 274 | + | ||
| 275 | + case DST__K_DELTA_PC_L: | ||
| 276 | + cmd_length = 5; | ||
| 277 | + break; | ||
| 278 | + | ||
| 279 | + case DST__K_INCR_LINUM: | ||
| 280 | + cmd_length = 2; | ||
| 281 | + break; | ||
| 282 | + | ||
| 283 | + case DST__K_INCR_LINUM_W: | ||
| 284 | + cmd_length = 3; | ||
| 285 | + break; | ||
| 286 | + | ||
| 287 | + case DST__K_INCR_LINUM_L: | ||
| 288 | + cmd_length = 5; | ||
| 289 | + break; | ||
| 290 | + | ||
| 291 | + case DST__K_SET_LINUM_INCR: | ||
| 292 | + cmd_length = 2; | ||
| 293 | + break; | ||
| 294 | + | ||
| 295 | + case DST__K_SET_LINUM_INCR_W: | ||
| 296 | + cmd_length = 3; | ||
| 297 | + break; | ||
| 298 | + | ||
| 299 | + case DST__K_RESET_LINUM_INCR: | ||
| 300 | + cmd_length = 1; | ||
| 301 | + break; | ||
| 302 | + | ||
| 303 | + case DST__K_BEG_STMT_MODE: | ||
| 304 | + cmd_length = 1; | ||
| 305 | + break; | ||
| 306 | + | ||
| 307 | + case DST__K_END_STMT_MODE: | ||
| 308 | + cmd_length = 1; | ||
| 309 | + break; | ||
| 310 | + | ||
| 311 | + case DST__K_SET_LINUM_B: | ||
| 312 | + cmd_length = 2; | ||
| 313 | + break; | ||
| 314 | + | ||
| 315 | + case DST__K_SET_LINUM: | ||
| 316 | + cmd_length = 3; | ||
| 317 | + break; | ||
| 318 | + | ||
| 319 | + case DST__K_SET_LINUM_L: | ||
| 320 | + cmd_length = 5; | ||
| 321 | + break; | ||
| 322 | + | ||
| 323 | + case DST__K_SET_PC: | ||
| 324 | + cmd_length = 2; | ||
| 325 | + break; | ||
| 326 | + | ||
| 327 | + case DST__K_SET_PC_W: | ||
| 328 | + cmd_length = 3; | ||
| 329 | + break; | ||
| 330 | + | ||
| 331 | + case DST__K_SET_PC_L: | ||
| 332 | + cmd_length = 5; | ||
| 333 | + break; | ||
| 334 | + | ||
| 335 | + case DST__K_SET_STMTNUM: | ||
| 336 | + cmd_length = 2; | ||
| 337 | + break; | ||
| 338 | + | ||
| 339 | + case DST__K_TERM: | ||
| 340 | + cmd_length = 2; | ||
| 341 | + break; | ||
| 342 | + | ||
| 343 | + case DST__K_TERM_W: | ||
| 344 | + cmd_length = 3; | ||
| 345 | + break; | ||
| 346 | + | ||
| 347 | + case DST__K_TERM_L: | ||
| 348 | + cmd_length = 5; | ||
| 349 | + break; | ||
| 350 | + | ||
| 351 | + case DST__K_SET_ABS_PC: | ||
| 352 | + cmd_length = 5; | ||
| 353 | + break; | ||
| 354 | + | ||
| 355 | + default: | ||
| 356 | + if (cmd <= 0) | ||
| 357 | + cmd_length = 1; | ||
| 358 | + else | ||
| 359 | + cmd_length = 2; | ||
| 360 | + break; | ||
| 361 | + } | ||
| 362 | + | ||
| 363 | + if (pcl_ptr - ptr + cmd_length > rec_length) | ||
| 364 | + break; | ||
| 365 | + | ||
| 366 | switch (cmd) | ||
| 367 | { | ||
| 368 | case DST__K_DELTA_PC_W: | ||
| 369 | data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); | ||
| 370 | curr_pc += data; | ||
| 371 | curr_linenum += 1; | ||
| 372 | - cmd_length = 3; | ||
| 373 | vms_debug2 ((4, "DST__K_DELTA_PC_W: %d\n", data)); | ||
| 374 | break; | ||
| 375 | |||
| 376 | @@ -4588,131 +4734,111 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 377 | data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); | ||
| 378 | curr_pc += data; | ||
| 379 | curr_linenum += 1; | ||
| 380 | - cmd_length = 5; | ||
| 381 | vms_debug2 ((4, "DST__K_DELTA_PC_L: %d\n", data)); | ||
| 382 | break; | ||
| 383 | |||
| 384 | case DST__K_INCR_LINUM: | ||
| 385 | data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; | ||
| 386 | curr_linenum += data; | ||
| 387 | - cmd_length = 2; | ||
| 388 | vms_debug2 ((4, "DST__K_INCR_LINUM: %d\n", data)); | ||
| 389 | break; | ||
| 390 | |||
| 391 | case DST__K_INCR_LINUM_W: | ||
| 392 | data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); | ||
| 393 | curr_linenum += data; | ||
| 394 | - cmd_length = 3; | ||
| 395 | vms_debug2 ((4, "DST__K_INCR_LINUM_W: %d\n", data)); | ||
| 396 | break; | ||
| 397 | |||
| 398 | case DST__K_INCR_LINUM_L: | ||
| 399 | data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); | ||
| 400 | curr_linenum += data; | ||
| 401 | - cmd_length = 5; | ||
| 402 | vms_debug2 ((4, "DST__K_INCR_LINUM_L: %d\n", data)); | ||
| 403 | break; | ||
| 404 | |||
| 405 | case DST__K_SET_LINUM_INCR: | ||
| 406 | _bfd_error_handler | ||
| 407 | (_("%s not implemented"), "DST__K_SET_LINUM_INCR"); | ||
| 408 | - cmd_length = 2; | ||
| 409 | break; | ||
| 410 | |||
| 411 | case DST__K_SET_LINUM_INCR_W: | ||
| 412 | _bfd_error_handler | ||
| 413 | (_("%s not implemented"), "DST__K_SET_LINUM_INCR_W"); | ||
| 414 | - cmd_length = 3; | ||
| 415 | break; | ||
| 416 | |||
| 417 | case DST__K_RESET_LINUM_INCR: | ||
| 418 | _bfd_error_handler | ||
| 419 | (_("%s not implemented"), "DST__K_RESET_LINUM_INCR"); | ||
| 420 | - cmd_length = 1; | ||
| 421 | break; | ||
| 422 | |||
| 423 | case DST__K_BEG_STMT_MODE: | ||
| 424 | _bfd_error_handler | ||
| 425 | (_("%s not implemented"), "DST__K_BEG_STMT_MODE"); | ||
| 426 | - cmd_length = 1; | ||
| 427 | break; | ||
| 428 | |||
| 429 | case DST__K_END_STMT_MODE: | ||
| 430 | _bfd_error_handler | ||
| 431 | (_("%s not implemented"), "DST__K_END_STMT_MODE"); | ||
| 432 | - cmd_length = 1; | ||
| 433 | break; | ||
| 434 | |||
| 435 | case DST__K_SET_LINUM_B: | ||
| 436 | data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; | ||
| 437 | curr_linenum = data; | ||
| 438 | - cmd_length = 2; | ||
| 439 | vms_debug2 ((4, "DST__K_SET_LINUM_B: %d\n", data)); | ||
| 440 | break; | ||
| 441 | |||
| 442 | case DST__K_SET_LINUM: | ||
| 443 | data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); | ||
| 444 | curr_linenum = data; | ||
| 445 | - cmd_length = 3; | ||
| 446 | vms_debug2 ((4, "DST__K_SET_LINE_NUM: %d\n", data)); | ||
| 447 | break; | ||
| 448 | |||
| 449 | case DST__K_SET_LINUM_L: | ||
| 450 | data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); | ||
| 451 | curr_linenum = data; | ||
| 452 | - cmd_length = 5; | ||
| 453 | vms_debug2 ((4, "DST__K_SET_LINUM_L: %d\n", data)); | ||
| 454 | break; | ||
| 455 | |||
| 456 | case DST__K_SET_PC: | ||
| 457 | _bfd_error_handler | ||
| 458 | (_("%s not implemented"), "DST__K_SET_PC"); | ||
| 459 | - cmd_length = 2; | ||
| 460 | break; | ||
| 461 | |||
| 462 | case DST__K_SET_PC_W: | ||
| 463 | _bfd_error_handler | ||
| 464 | (_("%s not implemented"), "DST__K_SET_PC_W"); | ||
| 465 | - cmd_length = 3; | ||
| 466 | break; | ||
| 467 | |||
| 468 | case DST__K_SET_PC_L: | ||
| 469 | _bfd_error_handler | ||
| 470 | (_("%s not implemented"), "DST__K_SET_PC_L"); | ||
| 471 | - cmd_length = 5; | ||
| 472 | break; | ||
| 473 | |||
| 474 | case DST__K_SET_STMTNUM: | ||
| 475 | _bfd_error_handler | ||
| 476 | (_("%s not implemented"), "DST__K_SET_STMTNUM"); | ||
| 477 | - cmd_length = 2; | ||
| 478 | break; | ||
| 479 | |||
| 480 | case DST__K_TERM: | ||
| 481 | data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE]; | ||
| 482 | curr_pc += data; | ||
| 483 | - cmd_length = 2; | ||
| 484 | vms_debug2 ((4, "DST__K_TERM: %d\n", data)); | ||
| 485 | break; | ||
| 486 | |||
| 487 | case DST__K_TERM_W: | ||
| 488 | data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD); | ||
| 489 | curr_pc += data; | ||
| 490 | - cmd_length = 3; | ||
| 491 | vms_debug2 ((4, "DST__K_TERM_W: %d\n", data)); | ||
| 492 | break; | ||
| 493 | |||
| 494 | case DST__K_TERM_L: | ||
| 495 | data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); | ||
| 496 | curr_pc += data; | ||
| 497 | - cmd_length = 5; | ||
| 498 | vms_debug2 ((4, "DST__K_TERM_L: %d\n", data)); | ||
| 499 | break; | ||
| 500 | |||
| 501 | case DST__K_SET_ABS_PC: | ||
| 502 | data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG); | ||
| 503 | curr_pc = data; | ||
| 504 | - cmd_length = 5; | ||
| 505 | vms_debug2 ((4, "DST__K_SET_ABS_PC: 0x%x\n", data)); | ||
| 506 | break; | ||
| 507 | |||
| 508 | @@ -4721,15 +4847,11 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 509 | { | ||
| 510 | curr_pc -= cmd; | ||
| 511 | curr_linenum += 1; | ||
| 512 | - cmd_length = 1; | ||
| 513 | vms_debug2 ((4, "bump pc to 0x%lx and line to %d\n", | ||
| 514 | (unsigned long)curr_pc, curr_linenum)); | ||
| 515 | } | ||
| 516 | else | ||
| 517 | - { | ||
| 518 | - _bfd_error_handler (_("unknown line command %d"), cmd); | ||
| 519 | - cmd_length = 2; | ||
| 520 | - } | ||
| 521 | + _bfd_error_handler (_("unknown line command %d"), cmd); | ||
| 522 | break; | ||
| 523 | } | ||
| 524 | |||
| 525 | @@ -4859,7 +4981,8 @@ build_module_list (bfd *abfd) | ||
| 526 | return NULL; | ||
| 527 | |||
| 528 | module = new_module (abfd); | ||
| 529 | - if (!parse_module (abfd, module, PRIV (dst_section)->contents, -1)) | ||
| 530 | + if (!parse_module (abfd, module, PRIV (dst_section)->contents, | ||
| 531 | + PRIV (dst_section)->size)) | ||
| 532 | return NULL; | ||
| 533 | list = module; | ||
| 534 | } | ||