asan: heap buffer overflow in _bfd_vms_slurp_egsd

author Alan Modra <amodra@gmail.com>

Tue, 5 Jan 2021 02:47:24 +0000 (13:17 +1030)

committer Alan Modra <amodra@gmail.com>

Tue, 5 Jan 2021 02:59:07 +0000 (13:29 +1030)
author Alan Modra <amodra@gmail.com>
Tue, 5 Jan 2021 02:47:24 +0000 (13:17 +1030)
committer Alan Modra <amodra@gmail.com>
Tue, 5 Jan 2021 02:59:07 +0000 (13:29 +1030)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 20ccea5920efe6e028739c37f6570b909d57a101..4eda3a1e57ecbc75a51bc963ef2476e033ef16b5 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,7 @@
+2021-01-05  Alan Modra  <amodra@gmail.com>
+
+       * vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
+
  2021-01-05  Nelson Chu  <nelson.chu@sifive.com>
  
         * elfnn-riscv.c (allocate_dynrelocs): When we are generating pde,
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c

index 2c0e8126dc24afb9437dce51dd3ed0dc0b9d8942..72d89e518f60fce075fa3ecd2f025e2df25b59c5 100644 (file)
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1394,14 +1394,13 @@ _bfd_vms_slurp_egsd (bfd *abfd)
             flagword old_flags;
             unsigned int nameoff = offsetof (struct vms_egst, namlng);
  
-           old_flags = bfd_getl16 (egst->header.flags);
-
             if (nameoff >= gsd_size)
               goto too_small;
             entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff);
             if (entry == NULL)
               return FALSE;
  
+           old_flags = bfd_getl16 (egst->header.flags);
             entry->typ = gsd_type;
             entry->data_type = egst->header.datyp;
             entry->flags = old_flags;
author	Alan Modra <amodra@gmail.com>
	Tue, 5 Jan 2021 02:47:24 +0000 (13:17 +1030)
committer	Alan Modra <amodra@gmail.com>
	Tue, 5 Jan 2021 02:59:07 +0000 (13:29 +1030)
bfd/ChangeLog		patch \| blob \| history
bfd/vms-alpha.c		patch \| blob \| history