From c38c6234f2b2425431d28449f609172aa2de549c Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 5 May 2021 13:33:00 +0930
Subject: [PATCH] asan: stack-buffer-overflow vms-lib.c:367

	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
	sanity checking keylen.
---
 bfd/ChangeLog | 5 +++++
 bfd/vms-lib.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 0eb8618f6f9..c574570fbe9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-05-05  Alan Modra  <amodra@gmail.com>
+
+	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
+	sanity checking keylen.
+
 2021-05-04  Nick Clifton  <nickc@redhat.com>
 
 	* libbfd.c (bfd_malloc): Provide some documenation.  Treat a size
diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c
index dc23df39199..55e61305bdf 100644
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -357,7 +357,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
 		    return false;
 		  kbn = (struct vms_kbn *)(kblk + koff);
 		  klen = bfd_getl16 (kbn->keylen);
-		  if (klen > sizeof (kblk) - koff)
+		  if (klen > sizeof (kblk) - sizeof (struct vms_kbn) - koff)
 		    return false;
 		  kvbn = bfd_getl32 (kbn->rfa.vbn);
 		  koff = bfd_getl16 (kbn->rfa.offset);
-- 
2.30.2