This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

PR22197, buffer overflow in bfd_get_debug_link_info_1

From: Alan Modra <amodra at gmail dot com>
To: binutils at sourceware dot org
Date: Sun, 24 Sep 2017 21:42:41 +0930
Subject: PR22197, buffer overflow in bfd_get_debug_link_info_1
Authentication-results: sourceware.org; auth=none

	PR 22197
	* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
	within section bounds.

diff --git a/bfd/opncls.c b/bfd/opncls.c
index fa54986..8550623 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, void *crc32_out)
   /* PR 17597: avoid reading off the end of the buffer.  */
   crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
   crc_offset = (crc_offset + 3) & ~3;
-  if (crc_offset >= bfd_get_section_size (sect))
+  if (crc_offset + 4 > bfd_get_section_size (sect))
     return NULL;
 
   *crc32 = bfd_get_32 (abfd, contents + crc_offset);

-- 
Alan Modra
Australia Development Lab, IBM

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]