From: Alan Modra Date: Fri, 17 Jan 2025 08:30:41 +0000 (+1030) Subject: buffer overflow in cmdline_add_object_only_section X-Git-Tag: binutils-2_44~64 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e2b02acd77a38f372a17e2f039a04afaecffc212;p=thirdparty%2Fbinutils-gdb.git buffer overflow in cmdline_add_object_only_section Seen running ld-plugin/lto-4r-c on x86_64-w64-mingw32 * ldlang.c (cmdline_add_object_only_section): Allocate one more for output symbol buffer.
---
diff --git a/ld/ldlang.c b/ld/ldlang.c
index cf4294d7288..2e82eef61fe 100644
--- a/ld/ldlang.c
+++ b/ld/ldlang.c
@@ -10728,7 +10728,7 @@ cmdline_add_object_only_section (bfd_byte *contents, size_t size)
 long src_count = 0, dst_count = 0;
 asymbol **from, **to;
- osympp = (asymbol **) xmalloc (symcount * sizeof (asymbol *));
+ osympp = xmalloc ((symcount + 1) * sizeof (asymbol *));
 from = isympp;
 to = osympp;
 for (; src_count < symcount; src_count++)
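Review bot: The `+ 1` on the new `xmalloc` line has no comment saying what the extra slot is for, so the sizing invariant this fix restores is still implicit at the allocation site. The write that needs the slot is outside the hunk, since the body of `cmdline_add_object_only_section` continues past the `for` line; presumably the output array is NULL-terminated after the copy loop, which would overrun the old buffer when every input symbol is kept. If that is the case, a comment such as `/* One extra slot for the NULL terminator stored after the copy loop.  */` above the allocation would keep a later cleanup from dropping it. Writing the element size as `sizeof (*osympp)` would also tie it to the pointer being assigned rather than to a repeated type name.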