readelf: catch archive_file_size of -1

Message ID YQOYMxwzOwZphaqL@squeak.grove.modra.org
State New

Commit Message

Alan Modra via Binutils July 30, 2021, 6:12 a.m.
Fuzzers might put -1 in arhdr.ar_size.  If the size is rounded up to
an even number of bytes we get zero.

	* readelf.c (process_archive): Don't round up archive_file_size.
	Do round up next_arhdr_offset calculation.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 5682837ed7b..bd16fcc77ad 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -21789,8 +21789,6 @@  process_archive (Filedata * filedata, bool is_thin_archive)
       arch.next_arhdr_offset += sizeof arch.arhdr;
 
       filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10);
-      if (filedata->archive_file_size & 01)
-	++filedata->archive_file_size;
 
       name = get_archive_member_name (&arch, &nested_arch);
       if (name == NULL)
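
Review bot: at the `strtoul (arch.arhdr.ar_size, NULL, 10)` line the parsed value is now kept exactly as returned, but the call passes NULL for endptr and nothing in this hunk checks the result. A field of "-1" (which strtoul negates to ULONG_MAX), an overflowing number, or non-numeric text is therefore accepted here and only handled by the wrap test much later in the loop. Consider passing an endptr and rejecting an unparsable or out-of-range ar_size with an error at this point, so a corrupt member header is reported where it is read rather than after the member has been processed.
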
@@ -21894,7 +21892,7 @@  process_archive (Filedata * filedata, bool is_thin_archive)
 	  filedata->file_name = qualified_name;
 	  if (! process_object (filedata))
 	    ret = false;
-	  arch.next_arhdr_offset += filedata->archive_file_size;
+	  arch.next_arhdr_offset += (filedata->archive_file_size + 1) & -2;
 	  /* Stop looping with "negative" archive_file_size.  */
 	  if (arch.next_arhdr_offset < filedata->archive_file_size)
 	    arch.next_arhdr_offset = -1ul;
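
Review bot: in `(filedata->archive_file_size + 1) & -2` the addition wraps to zero when archive_file_size is -1, so next_arhdr_offset does not advance and loop termination rests entirely on the following comparison against the unrounded archive_file_size. That dependency is easy to break in a later edit; the existing comment should state that the comparison must use the unrounded value, or the rounded size could be computed into a local and the wrap tested explicitly before it is added. A smaller style point: the mask `-2` relies on converting a signed int to the operand's unsigned type, and a mask written in the type of archive_file_size would make the intent clearer.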