From 45342c7c91f4c0a737405468ce2999825cb11c9a Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Wed, 2 Jun 2021 14:47:17 +0930
Subject: [PATCH] asan: heap buffer overflow in _bfd_elf_parse_attributes

* elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if subsection length is too small to cover tag and length field.
---
 bfd/ChangeLog | 5 +++++
 bfd/elf-attrs.c | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fd9721e7809..7857b70cf06 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-06-02 Alan Modra
+
+ * elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if
+ subsection length is too small to cover tag and length field.
+
 2021-05-31 Nelson Chu
 Lifang Xia

diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index 11a81a3ba74..72c606d9d1c 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -548,15 +548,15 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
 }
 else
 {
- subsection_len = 0;
 p = p_end;
+ break;
 }
- if (subsection_len == 0)
- break;
 if (subsection_len > section_len)
 subsection_len = section_len;
 section_len -= subsection_len;
 end = orig_p + subsection_len;
+ if (end < p)
+ break;
 switch (tag)
 {
 case Tag_File:
-- 
2.30.2
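Review bot: The new guard `if (end < p)` in bfd/elf-attrs.c runs only after `end = orig_p + subsection_len` has been formed, so it is well-defined only while the clamped `subsection_len` never exceeds the bytes left in the buffer. That bound on `section_len` is set outside this hunk and cannot be confirmed here. Comparing lengths before forming the pointer avoids relying on it: `if (subsection_len < (size_t) (p - orig_p)) break;`. The removed `subsection_len == 0` test is now covered only implicitly, presumably because `p` has already advanced past the tag and length field, so a comment such as `/* Subsection too short to hold its own tag and length field (this includes zero).  */` on the check would keep that visible. The body of _bfd_elf_parse_attributes starts and ends outside the hunk.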