From: Alan Modra <amodra@gmail.com>
Date: Tue, 15 Apr 2025 23:25:04 +0000 (+0930)
Subject: Re: windres: buffer overflow in bin_to_res_toolbar
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4c57933d6f70addefca9a4159cd15bed9e3701b;p=thirdparty%2Fbinutils-gdb.git

Re: windres: buffer overflow in bin_to_res_toolbar

Commit 9e68cae4fdfb broke the check I added in commit 4846e543de95.
Add missing "return NULL".
---

diff --git a/binutils/resbin.c b/binutils/resbin.c
index 1698e144d50..65bdb3499e2 100644
--- a/binutils/resbin.c
+++ b/binutils/resbin.c
@@ -1460,7 +1460,10 @@ bin_to_res_toolbar (windres_bfd *wrbfd, const bfd_byte *data,
     it = (rc_toolbar_item *) res_alloc (sizeof (rc_toolbar_item));
     it->id.named = 0;
     if (length < 4)
-      toosmall (_("toolbar item"));
+      {
+	toosmall (_("toolbar item"));
+	return NULL;
+      }
     it->id.u.id = (int) windres_get_32 (wrbfd, data, 4);
     it->prev = it->next = NULL;
     data += 4;