X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blobdiff_plain;f=bfd%2Farchive.c;h=b9052135101d864082ec615053891e633f89da0c;hp=40a3395ba09be7cd60bc0220efa7b2ebe563e246;hb=bb0d867169d7e9743d229804106a8fbcab7f3b3f;hpb=ed9e98c214dde25cc9ff54bac7191c3824be3ffa

diff --git a/bfd/archive.c b/bfd/archive.c
index 40a3395..b905213 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -1293,6 +1293,9 @@ _bfd_slurp_extended_name_table (bfd *abfd)
       amt = namedata->parsed_size;
       if (amt + 1 == 0)
 	goto byebye;
+      /* PR binutils/17533: A corrupt archive can contain an invalid size.  */
+      if (amt > (bfd_size_type) bfd_get_size (abfd))
+	goto byebye;
 
       bfd_ardata (abfd)->extended_names_size = amt;
       bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1);
@@ -1300,6 +1303,8 @@ _bfd_slurp_extended_name_table (bfd *abfd)
 	{
 	byebye:
 	  free (namedata);
+	  bfd_ardata (abfd)->extended_names = NULL;
+	  bfd_ardata (abfd)->extended_names_size = 0;
 	  return FALSE;
 	}
 
@@ -1308,7 +1313,6 @@ _bfd_slurp_extended_name_table (bfd *abfd)
 	  if (bfd_get_error () != bfd_error_system_call)
 	    bfd_set_error (bfd_error_malformed_archive);
 	  bfd_release (abfd, (bfd_ardata (abfd)->extended_names));
-	  bfd_ardata (abfd)->extended_names = NULL;
 	  goto byebye;
 	}
 
@@ -1316,11 +1320,12 @@ _bfd_slurp_extended_name_table (bfd *abfd)
 	 text, the entries in the list are newline-padded, not null
 	 padded. In SVR4-style archives, the names also have a
 	 trailing '/'.  DOS/NT created archive often have \ in them
-	 We'll fix all problems here..  */
+	 We'll fix all problems here.  */
       {
 	char *ext_names = bfd_ardata (abfd)->extended_names;
 	char *temp = ext_names;
 	char *limit = temp + namedata->parsed_size;
+
 	for (; temp < limit; ++temp)
 	  {
 	    if (*temp == ARFMAG[1])