This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.
[binutils-gdb] PR22197, buffer overflow in bfd_get_debug_link_info_1
- From: Alan Modra <amodra at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 24 Sep 2017 12:20:38 -0000
- Subject: [binutils-gdb] PR22197, buffer overflow in bfd_get_debug_link_info_1
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
commit 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
Author: Alan Modra <amodra@gmail.com>
Date: Sun Sep 24 21:36:18 2017 +0930
PR22197, buffer overflow in bfd_get_debug_link_info_1
PR 22197
* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
within section bounds.
Diff:
---
bfd/ChangeLog | 6 ++++++
bfd/opncls.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index c465462..92a6c27 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
2017-09-24 Alan Modra <amodra@gmail.com>
+ PR 22197
+ * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+ within section bounds.
+
+2017-09-24 Alan Modra <amodra@gmail.com>
+
PR 22191
* dwarf2.c (decode_line_info): Properly free line sequences on error.
diff --git a/bfd/opncls.c b/bfd/opncls.c
index fa54986..8550623 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, void *crc32_out)
/* PR 17597: avoid reading off the end of the buffer. */
crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
crc_offset = (crc_offset + 3) & ~3;
- if (crc_offset >= bfd_get_section_size (sect))
+ if (crc_offset + 4 > bfd_get_section_size (sect))
return NULL;
*crc32 = bfd_get_32 (abfd, contents + crc_offset);
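Review bot: In the new condition `crc_offset + 4 > bfd_get_section_size (sect)`, the literal 4 is the width of the value that `bfd_get_32` reads on the last line, but nothing in the code says so, and the comment above the check still cites only PR 17597. Suggest extending that comment to name PR 22197 and to state that all four CRC bytes, not just the first, must lie inside the section. The removed `>=` test only guaranteed that `crc_offset` itself was in bounds, so a section ending one to three bytes past the aligned offset still reached the read. The declaration of `crc_offset` is outside this hunk; if its type is narrower than the section size type, it is worth confirming that `crc_offset + 4` cannot wrap before the comparison.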