From: Alan Modra
Date: Wed, 24 Feb 2021 00:22:47 +0000 (+1030)
Subject: PR27459, segmentation fault in go32exe_check_format
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=93af1b046b76380c1b06940c31581c30001d27de;p=binutils-gdb.git
PR27459, segmentation fault in go32exe_check_format
PR 27459
* coff-stgo32.c (go32exe_check_format): Sanity check size of header to avoid a buffer overflow.
---
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 7a41a149aec..52d9bf26008 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-02-24 Alan Modra
+
+ PR 27459
+ * coff-stgo32.c (go32exe_check_format): Sanity check size of
+ header to avoid a buffer overflow.
+
 2021-02-22 Alan Modra
 * coff-rs6000.c (_bfd_xcoff_reloc_type_lookup): Remove BFD_RELOC_16.
diff --git a/bfd/coff-stgo32.c b/bfd/coff-stgo32.c
index 7ae94197723..7593b62e8e6 100644
--- a/bfd/coff-stgo32.c
+++ b/bfd/coff-stgo32.c
@@ -304,7 +304,9 @@ go32exe_check_format (bfd *abfd)
 /* Confirm that this is a go32stub. */
 header_end = H_GET_16 (abfd, filehdr_dos.e_cparhdr) * 16UL;
- if (! CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub"))
+ if (go32exe_temp_stub_size < header_end
+ || go32exe_temp_stub_size - header_end < sizeof "go32stub" - 1
+ || !CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub"))
 goto fail_format;
 /* Set origin to where the COFF header starts and seek there. */
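Review bot: The new three-part condition in go32exe_check_format is order-dependent and the code does not say so. The first comparison is what keeps `go32exe_temp_stub_size - header_end` from wrapping (presumably both are unsigned; their declarations are outside the hunk), and `header_end` is derived from the file-supplied `e_cparhdr` field. The only comment above it still reads "Confirm that this is a go32stub.", so a later cleanup could reorder or merge the bounds tests without noticing they guard the read at `go32exe_temp_stub + header_end`. I would extend that comment to something like `/* e_cparhdr comes from the file: make sure header_end plus the 8-byte signature lies inside the stub bytes we hold before comparing. */`. The function body continues outside the hunk, so how `go32exe_temp_stub_size` is set cannot be checked from here.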