asan: _bfd_elf_parse_attributes heap buffer overflow
I exposed a problem with the change in commit
574ec1084d to the outer
loop of _bfd_elf_parse_attributes. "p_end - p >= 4" is better than
"p < p_end - 4" as far as pointer UB is concerned if the size of the
attritbute section is say, 3 bytes. However you do need to ensure p
never exceeds p_end, and that length remaining is kept consistent with
the pointer.
* elf-attrs.c (elf_attr_strdup): New function.
(_bfd_elf_attr_strdup): Use it here.
(elf_add_obj_attr_string): New function, extracted from..
(bfd_elf_add_obj_attr_string): ..here.
(elf_add_obj_attr_int_string): New function, extracted from..
(bfd_elf_add_obj_attr_int_string): ..here.
(_bfd_elf_parse_attributes): Don't allocate an extra byte for a
string terminator. Instead ensure parsing doesn't go past
end of sub-section. Use size_t variables for lengths.
projects / binutils-gdb.git / commit