From 46465574a925062ba7dfa72f49ba5199d7a39fc3 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 3 May 2022 11:40:41 +0100
Subject: [PATCH] Fix potential arithmetic overflow in the linker's plugin
 handling code.

	PR 29101
	* libdep_plugin.c (get_libdeps): Check for overflow when computing
	amount of memory to allocate.
---
 ld/ChangeLog       | 6 ++++++
 ld/libdep_plugin.c | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ld/ChangeLog b/ld/ChangeLog
index a094af9e147..7b9fdc837ca 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,9 @@
+2022-05-03  Nick Clifton  <nickc@redhat.com>
+
+	PR 29101
+	* libdep_plugin.c (get_libdeps): Check for overflow when computing
+	amount of memory to allocate.
+
 2022-04-27  Nick Clifton  <nickc@redhat.com>
 
 	PR 29006
diff --git a/ld/libdep_plugin.c b/ld/libdep_plugin.c
index 5569aa45e36..453df71c15b 100644
--- a/ld/libdep_plugin.c
+++ b/ld/libdep_plugin.c
@@ -99,6 +99,7 @@ get_libdeps (int fd)
   arhdr ah;
   int len;
   unsigned long mlen;
+  size_t amt;
   linerec *lr;
   enum ld_plugin_status rc = LDPS_NO_SYMS;
 
@@ -114,7 +115,10 @@ get_libdeps (int fd)
 	  lseek (fd, mlen, SEEK_CUR);
 	  continue;
 	}
-      lr = malloc (sizeof (linerec) + mlen);
+      amt = mlen + sizeof (linerec);
+      if (amt <= mlen)
+	return LDPS_ERR;
+      lr = malloc (amt);
       if (!lr)
 	return LDPS_ERR;
       lr->next = NULL;
-- 
2.30.2