asan: alpha-vms: buffer overflow

author Alan Modra <amodra@gmail.com>

Sun, 25 Oct 2020 11:51:45 +0000 (22:21 +1030)

committer Alan Modra <amodra@gmail.com>

Sun, 25 Oct 2020 11:55:45 +0000 (22:25 +1030)
author Alan Modra <amodra@gmail.com>
Sun, 25 Oct 2020 11:51:45 +0000 (22:21 +1030)
committer Alan Modra <amodra@gmail.com>
Sun, 25 Oct 2020 11:55:45 +0000 (22:25 +1030)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 194241b7278e64f4121b91b937146962001f0948..931d4455ef53558192bdd5fc5a7365b300be60e1 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-10-25  Alan Modra  <amodra@gmail.com>
+
+       * vms-misc.c (_bfd_vms_save_counted_string): Count length byte
+       towards maxlen.
+
  2020-10-20  Dr. David Alan Gilbert  <dgilbert@redhat.com>
  
         * po/es.po: Fix printf format.
diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c

index 0826456ef0ff910552a98c3566be86eeda82e143..70dd0030d53db4cdc1dd0857873e1741f1366512 100644 (file)
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -163,9 +163,12 @@ _bfd_vms_save_sized_string (bfd *abfd, unsigned char *str, size_t size)
  char *
  _bfd_vms_save_counted_string (bfd *abfd, unsigned char *ptr, size_t maxlen)
  {
-  unsigned int len = *ptr++;
+  unsigned int len;
  
-  if (len > maxlen)
+  if (maxlen == 0)
+    return NULL;
+  len = *ptr++;
+  if (len >  maxlen - 1)
      return NULL;
    return _bfd_vms_save_sized_string (abfd, ptr, len);
  }
author	Alan Modra <amodra@gmail.com>
	Sun, 25 Oct 2020 11:51:45 +0000 (22:21 +1030)
committer	Alan Modra <amodra@gmail.com>
	Sun, 25 Oct 2020 11:55:45 +0000 (22:25 +1030)
bfd/ChangeLog		patch \| blob \| history
bfd/vms-misc.c		patch \| blob \| history