From 6438d1be9e9b6802a465c70c76b9cec7e23270f3 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 17 Feb 2017 11:39:20 +0000 Subject: [PATCH] Fix potential illegal memory access in ZLIB because of an erroneous declaration of the size of the input buffer. * compress.c (bfd_get_full_section_contents): Remember to reduce compressed size by the sizeof the compression header when decompressing the contents. --- bfd/ChangeLog | 6 ++++++ bfd/compress.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index be8bd680b07..3f3adc0e9f3 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-02-17 Nick Clifton + + * compress.c (bfd_get_full_section_contents): Remember to reduce + compressed size by the sizeof the compression header when + decompressing the contents. + 2017-02-17 Pedro Alves * srec.c (Chunk): Rename to ... diff --git a/bfd/compress.c b/bfd/compress.c index 1ed7d74bf89..f881c074b85 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) SHF_COMPRESSED section. */ compression_header_size = 12; if (!decompress_contents (compressed_buffer + compression_header_size, - sec->compressed_size, p, sz)) + sec->compressed_size - compression_header_size, p, sz)) { bfd_set_error (bfd_error_bad_value); if (p != *ptr) -- 2.30.2