From: Alan Modra <amodra@gmail.com>
Date: Wed, 10 Feb 2021 23:23:17 +0000 (+1030)
Subject: PR27291, integer overflow in bfd_get_section_contents
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=6db658c517bdfbf8e5b8c5a34caf3ff1eea332f1;p=binutils-gdb.git

PR27291, integer overflow in bfd_get_section_contents

Makes the code a little more elegant too.  Note that the unsigned
overflow reported here is well defined so this patch doesn't fix any
real problem.

	PR 27291
	* section.c (bfd_get_section_contents): Avoid possible overflow
	when range checking offset and count.
	(bfd_set_section_contents): Likewise.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index ebe2b5882e3..41da87b814f 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2021-02-11  Alan Modra  <amodra@gmail.com>
+
+	PR 27291
+	* section.c (bfd_get_section_contents): Avoid possible overflow
+	when range checking offset and count.
+	(bfd_set_section_contents): Likewise.
+
 2021-02-03  Nick Alcock  <nick.alcock@oracle.com>
 
 	* configure.ac (SHARED_LIBADD): Remove explicit -lintl population in
diff --git a/bfd/section.c b/bfd/section.c
index 3e6ba0c0938..059b6fa2e57 100644
--- a/bfd/section.c
+++ b/bfd/section.c
@@ -1498,8 +1498,7 @@ bfd_set_section_contents (bfd *abfd,
 
   sz = section->size;
   if ((bfd_size_type) offset > sz
-      || count > sz
-      || offset + count > sz
+      || count > sz - offset
       || count != (size_t) count)
     {
       bfd_set_error (bfd_error_bad_value);
@@ -1569,8 +1568,7 @@ bfd_get_section_contents (bfd *abfd,
   else
     sz = section->size;
   if ((bfd_size_type) offset > sz
-      || count > sz
-      || offset + count > sz
+      || count > sz - offset
       || count != (size_t) count)
     {
       bfd_set_error (bfd_error_bad_value);