From 3bf5bf547a2ffdbd702804b95b3218040ac470dc Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Mon, 5 Dec 2022 14:57:17 +0000
Subject: [PATCH] Prevent an illegal memory access when comparing the prefix of a section name regexp.

PR 29849
* ldlang.c (spec_match): Check that there is sufficient length in the target name to match the spec's prefix.
---
 ld/ChangeLog | 6 ++++++
 ld/ldlang.c | 26 +++++++++++++++++++++-----
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/ld/ChangeLog b/ld/ChangeLog
index 8f0528ffb3c..e8dc0908cfa 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-05 Nick Clifton
+
+ PR 29849
+ * ldlang.c (spec_match): Check that there is sufficient length in
+ the target name to match the spec's prefix.
+
 2022-11-03 Nick Clifton

 PR 29748
diff --git a/ld/ldlang.c b/ld/ldlang.c
index d873adb8d9c..7829f86dfec 100644
--- a/ld/ldlang.c
+++ b/ld/ldlang.c
@@ -223,23 +223,39 @@ spec_match (const struct wildcard_spec *spec, const char *name)
 size_t nl = spec->namelen;
 size_t pl = spec->prefixlen;
 size_t sl = spec->suffixlen;
+ size_t inputlen = strlen (name);
 int r;
- if (pl && (r = memcmp (spec->name, name, pl)))
- return r;
+
+ if (pl)
+ {
+ if (inputlen < pl)
+ return 1;
+
+ r = memcmp (spec->name, name, pl);
+ if (r)
+ return r;
+ }
+
 if (sl)
 {
- size_t inputlen = strlen (name);
 if (inputlen < sl)
 return 1;
+
 r = memcmp (spec->name + nl - sl, name + inputlen - sl, sl);
 if (r)
 return r;
 }
+
 if (nl == pl + sl + 1 && spec->name[pl] == '*')
 return 0;
- else if (nl > pl)
+
+ if (nl > pl)
 return fnmatch (spec->name + pl, name + pl, 0);
- return name[nl];
+
+ if (inputlen >= nl)
+ return name[nl];
+
+ return 0;
 }

 static char *
-- 
2.30.2
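Review bot: The `prefix*suffix` shortcut after the two memcmp blocks can still report a match for a name shorter than `pl + sl`, because the prefix and suffix are length-checked and compared separately and so may overlap inside `name`. For a constructed spec `ab*ba`, the name `aba` passes both comparisons and the shortcut returns 0. Folding the combined length into that branch, `return inputlen >= pl + sl ? 0 : 1;`, closes this without touching the fnmatch path, which re-matches the suffix itself. Separately, the final `return 0;` looks unreachable (getting there appears to need nl == pl, and the prefix check already ensures inputlen >= pl), but as a fallback it reports a match, so `return 1;` would fail closed. The start of spec_match lies outside the hunk, so this assumes prefixlen and suffixlen are the literal runs before the first and after the last wildcard.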