Fix an illegal memory access in the BFD library which can be triggered by attempting...

author Nick Clifton <nickc@redhat.com>

Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)

committer Nick Clifton <nickc@redhat.com>

Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)
author Nick Clifton <nickc@redhat.com>
Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)
committer Nick Clifton <nickc@redhat.com>
Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 321e2e060bda982d9dbf96653bc8641535e1ea9e..1337645a731ca06eec218025a6165056566f593a 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-07-15  Nick Clifton  <nickc@redhat.com>
+
+       PR26240
+       * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in
+       check for aux entries that overflow the buufer.
+
  2020-07-15  Hans-Peter Nilsson  <hp@bitrange.com>
  
         * elf64-mmix.c (mmix_elf_relax_section): Improve accounting for
diff --git a/bfd/coffgen.c b/bfd/coffgen.c

index d49b2ff201ebf48fe5293b8f70e220db3a314c40..0a2697268e90fd2af3285db293934240afb26398 100644 (file)
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd)
        internal_ptr->is_sym = TRUE;
  
        /* PR 17512: Prevent buffer overrun.  */
-      if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+      if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz)
         {
           bfd_release (abfd, internal);
           return NULL;
author	Nick Clifton <nickc@redhat.com>
	Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Wed, 15 Jul 2020 10:09:59 +0000 (11:09 +0100)
bfd/ChangeLog		patch \| blob \| history
bfd/coffgen.c		patch \| blob \| history