projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8007515)
PR29482 - strip: heap-buffer-overflow
authorAlan Modra <amodra@gmail.com>
Sat, 13 Aug 2022 06:02:47 +0000 (15:32 +0930)
committerAlan Modra <amodra@gmail.com>
Sat, 13 Aug 2022 06:02:47 +0000 (15:32 +0930)
PR 29482
* coffcode.h (coff_set_section_contents): Sanity check _LIB.

bfd/coffcode.h patch | blob | history

diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 67aaf158ca1829fe63f0065f31a0b1009b227b36..52027981c3f052d98e043cd0c877f0bb5da97c7f 100644 (file)
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
 
        rec = (bfd_byte *) location;
        recend = rec + count;
-       while (rec < recend)
+       while (recend - rec >= 4)
          {
+           size_t len = bfd_get_32 (abfd, rec);
+           if (len == 0 || len > (size_t) (recend - rec) / 4)
+             break;
+           rec += len * 4;
            ++section->lma;
-           rec += bfd_get_32 (abfd, rec) * 4;
          }
 
        BFD_ASSERT (rec == recend);