This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
PR22197, buffer overflow in bfd_get_debug_link_info_1
- From: Alan Modra <amodra at gmail dot com>
- To: binutils at sourceware dot org
- Date: Sun, 24 Sep 2017 21:42:41 +0930
- Subject: PR22197, buffer overflow in bfd_get_debug_link_info_1
PR 22197
* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
within section bounds.
diff --git a/bfd/opncls.c b/bfd/opncls.c
index fa54986..8550623 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, void *crc32_out)
/* PR 17597: avoid reading off the end of the buffer. */
crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
crc_offset = (crc_offset + 3) & ~3;
- if (crc_offset >= bfd_get_section_size (sect))
+ if (crc_offset + 4 > bfd_get_section_size (sect))
return NULL;
*crc32 = bfd_get_32 (abfd, contents + crc_offset);
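Review bot: In the new test `crc_offset + 4 > bfd_get_section_size (sect)`, the literal 4 is unexplained and the comment above it still cites only PR 17597. The 4 is the width of the value that the following `bfd_get_32 (abfd, contents + crc_offset)` reads, so a short comment saying that (and naming PR 22197) would keep the check and the read tied together. The old `>=` test only guaranteed that one byte at `crc_offset` was inside the section, so an offset within the last three bytes passed it and the 32-bit read ran past the end. Since the declaration of `crc_offset` is outside this hunk, it is also worth confirming that `crc_offset + 4` cannot wrap in that variable's type; checking that the section size is at least 4 and then comparing `crc_offset` against the size minus 4 would avoid the question.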
--
Alan Modra
Australia Development Lab, IBM