Fix an illegal memory access when parsing a corrupt VMS Alpha file.

author Nick Clifton <nickc@redhat.com>

Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)

committer Nick Clifton <nickc@redhat.com>

Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)
author Nick Clifton <nickc@redhat.com>
Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)
committer Nick Clifton <nickc@redhat.com>
Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index eee5d42d6bbe8510861ea858a1210b6cced883ca..ee8eaf01d424fc1ac883c9701cd412a18b8fefba 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-05  Nick Clifton  <nickc@redhat.com>
+
+       PR 29848
+       * vms-alpha.c (parse_module): Fix potential out of bounds memory
+       access.
+
  2022-12-01  Nick Clifton  <nickc@redhat.com>
  
         PR 25202
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c

index 9531953bb6dc3c29906eb40478bd00c01f7cdb16..c0eb5bc5a2a99ad2dda093eddcd8218ff1430c37 100644 (file)
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -4366,7 +4366,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
      return false;
    module->line_table = curr_line;
  
-  while (length == -1 || ptr < maxptr)
+  while (length == -1 || (ptr + 3) < maxptr)
      {
        /* The first byte is not counted in the recorded length.  */
        int rec_length = bfd_getl16 (ptr) + 1;
author	Nick Clifton <nickc@redhat.com>
	Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 5 Dec 2022 11:11:44 +0000 (11:11 +0000)
bfd/ChangeLog		patch \| blob \| history
bfd/vms-alpha.c		patch \| blob \| history