From: Nick Clifton <nickc@redhat.com>
Date: Tue, 3 May 2022 10:40:41 +0000 (+0100)
Subject: Fix potential arithmetic overflow in the linker's plugin handling code.
X-Git-Tag: binutils-2_39~772
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fbinutils-gdb.git;a=commitdiff_plain;h=46465574a925062ba7dfa72f49ba5199d7a39fc3

Fix potential arithmetic overflow in the linker's plugin handling code.

	PR 29101
	* libdep_plugin.c (get_libdeps): Check for overflow when computing
	amount of memory to allocate.
---

diff --git a/ld/ChangeLog b/ld/ChangeLog
index a094af9e147..7b9fdc837ca 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,9 @@
+2022-05-03  Nick Clifton  <nickc@redhat.com>
+
+	PR 29101
+	* libdep_plugin.c (get_libdeps): Check for overflow when computing
+	amount of memory to allocate.
+
 2022-04-27  Nick Clifton  <nickc@redhat.com>
 
 	PR 29006
diff --git a/ld/libdep_plugin.c b/ld/libdep_plugin.c
index 5569aa45e36..453df71c15b 100644
--- a/ld/libdep_plugin.c
+++ b/ld/libdep_plugin.c
@@ -99,6 +99,7 @@ get_libdeps (int fd)
   arhdr ah;
   int len;
   unsigned long mlen;
+  size_t amt;
   linerec *lr;
   enum ld_plugin_status rc = LDPS_NO_SYMS;
 
@@ -114,7 +115,10 @@ get_libdeps (int fd)
 	  lseek (fd, mlen, SEEK_CUR);
 	  continue;
 	}
-      lr = malloc (sizeof (linerec) + mlen);
+      amt = mlen + sizeof (linerec);
+      if (amt <= mlen)
+	return LDPS_ERR;
+      lr = malloc (amt);
       if (!lr)
 	return LDPS_ERR;
       lr->next = NULL;