Prevent an illegal memory access when comparing the prefix of a section name regexp.

	PR 29849
	* ldlang.c (spec_match): Check that there is sufficient length in
	the target name to match the spec's prefix.

diff --git a/ld/ChangeLog b/ld/ChangeLog
index 8f0528ffb3cff6175dc55d745f7e7ad4f10c9b56..e8dc0908cfa2497faedc24cceed23c248d3b0b70 100644 (file)
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-05  Nick Clifton  <nickc@redhat.com>
+
+       PR 29849
+       * ldlang.c (spec_match): Check that there is sufficient length in
+       the target name to match the spec's prefix.
+
 2022-11-03  Nick Clifton  <nickc@redhat.com>
 
        PR 29748

diff --git a/ld/ldlang.c b/ld/ldlang.c
index d873adb8d9c7a23094278b1d8bce008e7a116118..7829f86dfec6fb41400a28433bfe9e7c0f08bdbb 100644 (file)
--- a/ld/ldlang.c
+++ b/ld/ldlang.c
@@ -223,23 +223,39 @@ spec_match (const struct wildcard_spec *spec, const char *name)
   size_t nl = spec->namelen;
   size_t pl = spec->prefixlen;
   size_t sl = spec->suffixlen;
+  size_t inputlen = strlen (name);
   int r;
-  if (pl && (r = memcmp (spec->name, name, pl)))
-    return r;
+
+  if (pl)
+    {
+      if (inputlen < pl)
+       return 1;
+
+      r = memcmp (spec->name, name, pl);
+      if (r)
+       return r;
+    }
+
   if (sl)
     {
-      size_t inputlen = strlen (name);
       if (inputlen < sl)
        return 1;
+
       r = memcmp (spec->name + nl - sl, name + inputlen - sl, sl);
       if (r)
        return r;
     }
+
   if (nl == pl + sl + 1 && spec->name[pl] == '*')
     return 0;
-  else if (nl > pl)
+
+  if (nl > pl)
     return fnmatch (spec->name + pl, name + pl, 0);
-  return name[nl];
+
+  if (inputlen >= nl)
+    return name[nl];
+
+  return 0;
 }
 
 static char *