From: Alan Modra <amodra@gmail.com>
Date: Wed, 5 May 2021 04:03:00 +0000 (+0930)
Subject: asan: stack-buffer-overflow vms-lib.c:367
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=c38c6234f2b2425431d28449f609172aa2de549c;p=binutils-gdb.git

asan: stack-buffer-overflow vms-lib.c:367

	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
	sanity checking keylen.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 0eb8618f6f9..c574570fbe9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-05-05  Alan Modra  <amodra@gmail.com>
+
+	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
+	sanity checking keylen.
+
 2021-05-04  Nick Clifton  <nickc@redhat.com>
 
 	* libbfd.c (bfd_malloc): Provide some documenation.  Treat a size
diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c
index dc23df39199..55e61305bdf 100644
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -357,7 +357,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
 		    return false;
 		  kbn = (struct vms_kbn *)(kblk + koff);
 		  klen = bfd_getl16 (kbn->keylen);
-		  if (klen > sizeof (kblk) - koff)
+		  if (klen > sizeof (kblk) - sizeof (struct vms_kbn) - koff)
 		    return false;
 		  kvbn = bfd_getl32 (kbn->rfa.vbn);
 		  koff = bfd_getl16 (kbn->rfa.offset);