diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2014-11-30 13:47:43 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2014-11-30 13:47:43 +0000 |
| commit | df1a03dc610d0b1040180ed9a1214b36bc1018be (patch) | |
| tree | 4158920c46c53319910e85a22c003145c9f841eb /usr.sbin | |
| parent | e8825a5f275256e6b56e3220e442057030fb238a (diff) | |
In mopFileRead(), make sure to never increment e_cursec beyond e_nsec, so
that the next call to this function will not access e_sections[] out of
bounds.
Repairs mopa.out(1) behaviour noticed by sebastia@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/mopd/common/file.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/mopd/common/file.c b/usr.sbin/mopd/common/file.c index 1432ceead5c..5382d35ab1c 100644 --- a/usr.sbin/mopd/common/file.c +++ b/usr.sbin/mopd/common/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.15 2013/10/17 08:02:21 deraadt Exp $ */ +/* $OpenBSD: file.c,v 1.16 2014/11/30 13:47:42 miod Exp $ */ /* * Copyright (c) 1995-96 Mats O Jansson. All rights reserved. @@ -975,7 +975,8 @@ mopFileRead(struct dllist *dlslot, u_char *buf) if (dlslot->e_curpos >= (dlslot->e_sections[sec].s_loff + dlslot->e_sections[sec].s_fsize + dlslot->e_sections[sec].s_pad)) - dlslot->e_cursec++; + if (++sec != dlslot->e_nsec) + dlslot->e_cursec = sec; break; case IMAGE_TYPE_AOUT: |