Fix potential arithmetic overflow in the linker's plugin handling code.

author Nick Clifton <nickc@redhat.com>

Tue, 3 May 2022 10:40:41 +0000 (11:40 +0100)

committer Nick Clifton <nickc@redhat.com>

Tue, 3 May 2022 10:41:45 +0000 (11:41 +0100)
author Nick Clifton <nickc@redhat.com>
Tue, 3 May 2022 10:40:41 +0000 (11:40 +0100)
committer Nick Clifton <nickc@redhat.com>
Tue, 3 May 2022 10:41:45 +0000 (11:41 +0100)
diff --git a/ld/ChangeLog b/ld/ChangeLog

index a094af9e14786d9034cddc43bf0a5167a2a54554..7b9fdc837ca6642d9a2a2a3b8daa1aa750283887 100644 (file)
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,9 @@
+2022-05-03  Nick Clifton  <nickc@redhat.com>
+
+       PR 29101
+       * libdep_plugin.c (get_libdeps): Check for overflow when computing
+       amount of memory to allocate.
+
  2022-04-27  Nick Clifton  <nickc@redhat.com>
  
         PR 29006
diff --git a/ld/libdep_plugin.c b/ld/libdep_plugin.c

index 5569aa45e360be6321a94fe7f3b2af1caf3fd163..453df71c15b04f2df87bdbe41382dba6028763eb 100644 (file)
--- a/ld/libdep_plugin.c
+++ b/ld/libdep_plugin.c
@@ -99,6 +99,7 @@ get_libdeps (int fd)
    arhdr ah;
    int len;
    unsigned long mlen;
+  size_t amt;
    linerec *lr;
    enum ld_plugin_status rc = LDPS_NO_SYMS;
  
@@ -114,7 +115,10 @@ get_libdeps (int fd)
           lseek (fd, mlen, SEEK_CUR);
           continue;
         }
-      lr = malloc (sizeof (linerec) + mlen);
+      amt = mlen + sizeof (linerec);
+      if (amt <= mlen)
+       return LDPS_ERR;
+      lr = malloc (amt);
        if (!lr)
         return LDPS_ERR;
        lr->next = NULL;
author	Nick Clifton <nickc@redhat.com>
	Tue, 3 May 2022 10:40:41 +0000 (11:40 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 3 May 2022 10:41:45 +0000 (11:41 +0100)
ld/ChangeLog		patch \| blob \| history
ld/libdep_plugin.c		patch \| blob \| history