asan: stack-buffer-overflow vms-lib.c:367

author Alan Modra <amodra@gmail.com>

Wed, 5 May 2021 04:03:00 +0000 (13:33 +0930)

committer Alan Modra <amodra@gmail.com>

Wed, 5 May 2021 04:05:45 +0000 (13:35 +0930)
author Alan Modra <amodra@gmail.com>
Wed, 5 May 2021 04:03:00 +0000 (13:33 +0930)
committer Alan Modra <amodra@gmail.com>
Wed, 5 May 2021 04:05:45 +0000 (13:35 +0930)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 0eb8618f6f99ac272b01acd8ad9037ef7045fcbc..c574570fbe9e417fe15ad0cda91b892c6197b122 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-05-05  Alan Modra  <amodra@gmail.com>
+
+       * vms-lib.c (vms_traverse_index): Account for vms_kbn size when
+       sanity checking keylen.
+
  2021-05-04  Nick Clifton  <nickc@redhat.com>
  
         * libbfd.c (bfd_malloc): Provide some documenation.  Treat a size
diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c

index dc23df391998974a5d2f2823245643d6cef206f4..55e61305bdf594ba818ff707d5bde3ae105be453 100644 (file)
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -357,7 +357,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
                     return false;
                   kbn = (struct vms_kbn *)(kblk + koff);
                   klen = bfd_getl16 (kbn->keylen);
-                 if (klen > sizeof (kblk) - koff)
+                 if (klen > sizeof (kblk) - sizeof (struct vms_kbn) - koff)
                     return false;
                   kvbn = bfd_getl32 (kbn->rfa.vbn);
                   koff = bfd_getl16 (kbn->rfa.offset);
author	Alan Modra <amodra@gmail.com>
	Wed, 5 May 2021 04:03:00 +0000 (13:33 +0930)
committer	Alan Modra <amodra@gmail.com>
	Wed, 5 May 2021 04:05:45 +0000 (13:35 +0930)
bfd/ChangeLog		patch \| blob \| history
bfd/vms-lib.c		patch \| blob \| history