From 0c1438eb15a31098ba42427e0f48e4e5cc6bfe0b Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Tue, 25 Aug 2020 14:47:50 +0930 Subject: [PATCH] PR26430, ASAN: nacl_modify_segment_map elf-nacl.c:164 PR 26430 * elf-nacl.c (nacl_modify_segment_map): Correct alloc size and amount copied for elf_segment_map defined with one element sections array. --- bfd/ChangeLog | 7 +++++++ bfd/elf-nacl.c | 10 +++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index a24957a8c19..4fc95529ab3 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2020-08-25 Alan Modra + + PR 26430 + * elf-nacl.c (nacl_modify_segment_map): Correct alloc size and + amount copied for elf_segment_map defined with one element + sections array. + 2020-08-25 Alan Modra PR 26422 diff --git a/bfd/elf-nacl.c b/bfd/elf-nacl.c index 3a232dfbb0b..a7cd827c917 100644 --- a/bfd/elf-nacl.c +++ b/bfd/elf-nacl.c @@ -156,13 +156,13 @@ nacl_modify_segment_map (bfd *abfd, struct bfd_link_info *info) secdata->this_hdr.sh_addr = sec->vma; secdata->this_hdr.sh_size = sec->size; - newseg = bfd_alloc (abfd, - sizeof *newseg + ((seg->count + 1) - * sizeof (asection *))); + newseg + = bfd_alloc (abfd, (sizeof (*newseg) + + seg->count * sizeof (asection *))); if (newseg == NULL) return FALSE; - memcpy (newseg, seg, - sizeof *newseg + (seg->count * sizeof (asection *))); + memcpy (newseg, seg, (sizeof (*newseg) - sizeof (asection *) + + seg->count * sizeof (asection *))); newseg->sections[newseg->count++] = sec; *m = seg = newseg; } -- 2.30.2