From 6db658c517bdfbf8e5b8c5a34caf3ff1eea332f1 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Thu, 11 Feb 2021 09:53:17 +1030 Subject: [PATCH] PR27291, integer overflow in bfd_get_section_contents Makes the code a little more elegant too. Note that the unsigned overflow reported here is well defined so this patch doesn't fix any real problem. PR 27291 * section.c (bfd_get_section_contents): Avoid possible overflow when range checking offset and count. (bfd_set_section_contents): Likewise. --- bfd/ChangeLog | 7 +++++++ bfd/section.c | 6 ++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index ebe2b5882e3..41da87b814f 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2021-02-11 Alan Modra + + PR 27291 + * section.c (bfd_get_section_contents): Avoid possible overflow + when range checking offset and count. + (bfd_set_section_contents): Likewise. + 2021-02-03 Nick Alcock * configure.ac (SHARED_LIBADD): Remove explicit -lintl population in diff --git a/bfd/section.c b/bfd/section.c index 3e6ba0c0938..059b6fa2e57 100644 --- a/bfd/section.c +++ b/bfd/section.c @@ -1498,8 +1498,7 @@ bfd_set_section_contents (bfd *abfd, sz = section->size; if ((bfd_size_type) offset > sz - || count > sz - || offset + count > sz + || count > sz - offset || count != (size_t) count) { bfd_set_error (bfd_error_bad_value); @@ -1569,8 +1568,7 @@ bfd_get_section_contents (bfd *abfd, else sz = section->size; if ((bfd_size_type) offset > sz - || count > sz - || offset + count > sz + || count > sz - offset || count != (size_t) count) { bfd_set_error (bfd_error_bad_value); -- 2.30.2