From 856c1545ce00d5c7d9368cdf5cb9dc7181c981e8 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Fri, 6 Aug 2021 19:08:30 +0930
Subject: [PATCH] bfd_reloc_offset_in_range overflow

This patch is more about the style of bounds checking we ought to use, rather than a real problem. An overflow of "octet + reloc_size" can only happen with huge sections which would certainly cause out of memory errors.

* reloc.c (bfd_reloc_offset_in_range): Avoid possible overflow.
---
 bfd/reloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bfd/reloc.c b/bfd/reloc.c
index 6d920e1df06..441ddd8fa2e 100644
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -547,7 +547,7 @@ bfd_reloc_offset_in_range (reloc_howto_type *howto,
 /* The reloc field must be contained entirely within the section.
 Allow zero length fields (marker relocs or NONE relocs where no
 relocation will be performed) at the end of the section. */
- return octet <= octet_end && octet + reloc_size <= octet_end;
+ return octet <= octet_end && reloc_size <= octet_end - octet;
 }
 
 /* Read and return the section contents at DATA converted to a host
-- 
2.30.2
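Review bot: The new bound on the `return` line is correct only because `octet <= octet_end` is evaluated first; without that guard `octet_end - octet` would itself wrap, assuming these are unsigned size types (their declarations sit above the hunk and are not visible here). Nothing in the existing comment records that ordering dependency, so a later cleanup could reorder the operands or drift back to the additive form. I would extend the comment with something like `/* Compare against the space left: octet + reloc_size could wrap, and octet_end - octet is safe only after octet <= octet_end. */`. The body of bfd_reloc_offset_in_range starts outside the hunk, so this should be confirmed against the full function.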