This is the mail archive of the mailing list for the binutils project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Fix memory access

Hi Guys,

  The upgrade to version 1.2.10 of ZLIB has exposed a bug in the BFD
  library's code to decompressed section contents.  The code was lying
  to ZLIB about the size of the input buffer, and with the new, more
  efficient code in 1.2.10 this could result in an illegal memory

  I am applying the patch below to fix the problem.  Tested with no
  regressions on a large number of targets.


2017-02-17  Nick Clifton  <>

	* compress.c (bfd_get_full_section_contents): Remember to reduce
	compressed size by the sizeof the compression header when
	decompressing the contents.

diff --git a/bfd/compress.c b/bfd/compress.c
index 1ed7d74..f881c07 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
 	   SHF_COMPRESSED section.  */
 	compression_header_size = 12;
       if (!decompress_contents (compressed_buffer + compression_header_size,
-				sec->compressed_size, p, sz))
+				sec->compressed_size - compression_header_size, p, sz))
 	  bfd_set_error (bfd_error_bad_value);
 	  if (p != *ptr)

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]