From 3f9661f12a42583c91655bc5c5b60542bcaed4e2 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Sat, 23 Oct 2021 11:27:14 +1030
Subject: [PATCH] asan: aout: heap buffer overflow

* aoutx.h (aout_get_external_symbols): Sanity check before writing zero index entry. Remove outdated comment.
* pdp11.c (aout_get_external_symbols): Likewise.
---
 bfd/aoutx.h | 5 ++---
 bfd/pdp11.c | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index ea09646f2b3..61d8e0c8716 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1353,8 +1353,6 @@ aout_get_external_symbols (bfd *abfd)
 if (stringsize >= BYTES_IN_WORD)
 {
- /* Keep the string count in the buffer for convenience
- when indexing with e_strx. */
 amt = stringsize - BYTES_IN_WORD;
 if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
 {
@@ -1364,7 +1362,8 @@ aout_get_external_symbols (bfd *abfd)
 }
 }
 /* Ensure that a zero index yields an empty string. */
- memset (strings, 0, BYTES_IN_WORD);
+ if (stringsize >= BYTES_IN_WORD)
+ memset (strings, 0, BYTES_IN_WORD);
 /* Ensure that the string buffer is NUL terminated. */
 strings[stringsize] = 0;
diff --git a/bfd/pdp11.c b/bfd/pdp11.c
index 6429b43be19..280f5cdd68b 100644
--- a/bfd/pdp11.c
+++ b/bfd/pdp11.c
@@ -1333,8 +1333,6 @@ aout_get_external_symbols (bfd *abfd)
 if (stringsize >= BYTES_IN_LONG)
 {
- /* Keep the string count in the buffer for convenience
- when indexing with e_strx. */
 amt = stringsize - BYTES_IN_LONG;
 if (bfd_bread (strings + BYTES_IN_LONG, amt, abfd) != amt)
 {
@@ -1344,7 +1342,8 @@ aout_get_external_symbols (bfd *abfd)
 }
 }
 /* Ensure that a zero index yields an empty string. */
- memset (strings, 0, BYTES_IN_LONG);
+ if (stringsize >= BYTES_IN_WORD)
+ memset (strings, 0, BYTES_IN_LONG);
 /* Ensure that the string buffer is NUL terminated. */
 strings[stringsize] = 0;
--
2.30.2
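Review bot: In the second aoutx.h hunk, once the memset is skipped for `stringsize < BYTES_IN_WORD`, nothing visible initialises `strings[0]` through `strings[stringsize - 1]`, because the read above is skipped under the same condition and only `strings[stringsize]` is set. Unless sizes in that range are rejected or the buffer is zeroed earlier (both would be outside the hunk), a zero string index would then read uninitialised heap bytes, so the retained comment "Ensure that a zero index yields an empty string" no longer holds for every size. One option is to clear whatever prefix exists: `memset (strings, 0, stringsize < BYTES_IN_WORD ? stringsize : BYTES_IN_WORD);`. The same applies to the matching pdp11.c hunk with `BYTES_IN_LONG`; the body of aout_get_external_symbols starts and ends outside both hunks.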
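Review bot: In the second pdp11.c hunk the new guard tests `stringsize >= BYTES_IN_WORD`, but the memset it protects writes `BYTES_IN_LONG` bytes and the read in the hunk above is guarded with `BYTES_IN_LONG`. If BYTES_IN_WORD is smaller than BYTES_IN_LONG in this file, as the separate names suggest, a stringsize between the two still passes the check and lets memset write past a buffer sized from stringsize (the allocation is outside the hunk, so that sizing is inferred). The guard should use the same constant as the write: `if (stringsize >= BYTES_IN_LONG)`. This looks like a copy from the aoutx.h change, where both constants are BYTES_IN_WORD.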