asan: heap buffer overflow in mmo_scan
authorAlan Modra <amodra@gmail.com>
Wed, 17 Aug 2022 06:13:25 +0000 (15:43 +0930)
committerAlan Modra <amodra@gmail.com>
Wed, 17 Aug 2022 07:02:04 +0000 (16:32 +0930)
commit2bda15d73cb1d6c4e3db402682d4c11a94d96b7b
treed06520d45c06bd156dd00a2ef3445e1f2d035a27
parent11c6a7c6232c2fcd23058dcb9ac7909e491e02bc
asan: heap buffer overflow in mmo_scan

mmo_get_loc needs to handle arbitrary vma and size chunks.  Fuzzers
found that it wasn't working so well when the end of chunks were
getting close to address wrap-around.

* mmo.c (mmo_get_loc): Make "size" unsigned.  Avoid arithmetic
overflow when calculating whether range hits an existing chunk.
bfd/mmo.c