This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix buffer overrun parsing a corrupt tekhex binary.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 18 Aug 2017 07:46:00 -0000
- Subject: [binutils-gdb] Fix buffer overrun parsing a corrupt tekhex binary.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=de25939739ffe9a9ad7cec07a35bb2a1e430fe39
commit de25939739ffe9a9ad7cec07a35bb2a1e430fe39
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Aug 18 08:45:12 2017 +0100
Fix buffer overrun parsing a corrupt tekhex binary.
PR binutils/21962
* tekhex.c (getsym): Fix check for source pointer walking off the
end of the input buffer.
Diff:
---
bfd/ChangeLog | 6 ++++++
bfd/tekhex.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e1985a4..79dfa1d 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-08-18 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21962
+ * tekhex.c (getsym): Fix check for source pointer walking off the
+ end of the input buffer.
+
2017-08-17 Szabolcs Nagy <szabolcs.nagy@arm.com>
PR ld/18808
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 1d605d5..cb4b624 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -307,7 +307,7 @@ getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp)
len = hex_value (*src++);
if (len == 0)
len = 16;
- for (i = 0; i < len && src < endp; i++)
+ for (i = 0; i < len && (src + i) < endp; i++)
dstp[i] = src[i];
dstp[i] = 0;
*srcp = src + i;