From 4fd8d5856435ff84de1f181381fc51754285af6f Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 15 Jul 2020 11:09:59 +0100 Subject: [PATCH] Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file. PR26240 * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in check for aux entries that overflow the buufer. --- bfd/ChangeLog | 6 ++++++ bfd/coffgen.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 321e2e060bd..1337645a731 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2020-07-15 Nick Clifton + + PR26240 + * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in + check for aux entries that overflow the buufer. + 2020-07-15 Hans-Peter Nilsson * elf64-mmix.c (mmix_elf_relax_section): Improve accounting for diff --git a/bfd/coffgen.c b/bfd/coffgen.c index d49b2ff201e..0a2697268e9 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd) internal_ptr->is_sym = TRUE; /* PR 17512: Prevent buffer overrun. */ - if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz) + if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz) { bfd_release (abfd, internal); return NULL; -- 2.30.2