From: H.J. Lu <hjl.tools@gmail.com>
Date: Tue, 6 Dec 2022 20:54:43 +0000 (-0800)
Subject: bfd: Avoid signed overflow for new_size adjustment
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=e25466730d436937e814f80b69e5d124513fff03;p=binutils-gdb.git

bfd: Avoid signed overflow for new_size adjustment

When bfd_size_type is unsigned 64-bit integer and sizeof is unsigned
32-bit integer, subtraction in

*new_size += sizeof (Elf32_External_Chdr) - sizeof (Elf64_External_Chdr);

will overflow.  Use

*new_size -= sizeof (Elf64_External_Chdr) - sizeof (Elf32_External_Chdr);

to avoid overflow.

	PR binutils/29860
	* compress.c (bfd_convert_section_setup): Avoid signed overflow
	for new_size adjustment.
---

diff --git a/bfd/compress.c b/bfd/compress.c
index bb55a6ec0ac..5ea7cd95f3a 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -306,7 +306,7 @@ bfd_convert_section_setup (bfd *ibfd, asection *isec, bfd *obfd,
   if (hdr_size == sizeof (Elf32_External_Chdr))
     *new_size += sizeof (Elf64_External_Chdr) - sizeof (Elf32_External_Chdr);
   else
-    *new_size += sizeof (Elf32_External_Chdr) - sizeof (Elf64_External_Chdr);
+    *new_size -= sizeof (Elf64_External_Chdr) - sizeof (Elf32_External_Chdr);
   return true;
 }