From 0c70050a4bb65c6159dc7d65c1fba253c97837c8 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sun, 25 Oct 2020 22:21:45 +1030
Subject: [PATCH] asan: alpha-vms: buffer overflow

	* vms-misc.c (_bfd_vms_save_counted_string): Count length byte
	towards maxlen.
---
 bfd/ChangeLog  | 5 +++++
 bfd/vms-misc.c | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 194241b7278..931d4455ef5 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-10-25  Alan Modra  <amodra@gmail.com>
+
+	* vms-misc.c (_bfd_vms_save_counted_string): Count length byte
+	towards maxlen.
+
 2020-10-20  Dr. David Alan Gilbert  <dgilbert@redhat.com>
 
 	* po/es.po: Fix printf format.
diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c
index 0826456ef0f..70dd0030d53 100644
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -163,9 +163,12 @@ _bfd_vms_save_sized_string (bfd *abfd, unsigned char *str, size_t size)
 char *
 _bfd_vms_save_counted_string (bfd *abfd, unsigned char *ptr, size_t maxlen)
 {
-  unsigned int len = *ptr++;
+  unsigned int len;
 
-  if (len > maxlen)
+  if (maxlen == 0)
+    return NULL;
+  len = *ptr++;
+  if (len >  maxlen - 1)
     return NULL;
   return _bfd_vms_save_sized_string (abfd, ptr, len);
 }
-- 
2.30.2