From 0ffdc37b98964477e70bfd63ca28f374193dcdb2 Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Thu, 4 Apr 2024 06:37:18 -0700
Subject: [PATCH] bfd_mmap_local: Check offset and size
Update bfd_mmap_local to return NULL if filesize < offset or filesize - offset < rsize.
* libbfd.c (bfd_mmap_local): Validate offset and size against the file size.
---
 bfd/libbfd.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 5126ee207a8..86366e496c5 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1072,18 +1072,15 @@ static void *
 bfd_mmap_local (bfd *abfd, size_t rsize, int prot, void **map_addr, size_t *map_size)
 {
- if (!_bfd_constant_p (rsize))
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+ ufile_ptr offset = bfd_tell (abfd);
+ if (filesize < offset || filesize - offset < rsize)
 {
- ufile_ptr filesize = bfd_get_file_size (abfd);
- if (filesize != 0 && rsize > filesize)
- {
- bfd_set_error (bfd_error_file_truncated);
- return NULL;
- }
+ bfd_set_error (bfd_error_file_truncated);
+ return NULL;
 }
 void *mem;
- ufile_ptr offset = bfd_tell (abfd);
 mem = bfd_mmap (abfd, NULL, rsize, prot, MAP_PRIVATE, offset, map_addr, map_size);
 return mem;
-- 
2.39.5
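Review bot: The new guard in bfd_mmap_local no longer exempts `filesize == 0`, which the removed code did with `filesize != 0 && rsize > filesize`. If bfd_get_file_size reports 0 when the size cannot be determined (the old guard suggests so), every such BFD now fails with bfd_error_file_truncated before bfd_mmap is attempted. If rejecting those files is intended for the mmap path, a comment above the check should say so, e.g. `/* An unknown (0) file size is rejected too; FILESIZE < OFFSET is tested first so the subtraction cannot wrap.  */`. Otherwise keep the exemption with `if (filesize != 0 && (filesize < offset || filesize - offset < rsize))`. The function's closing brace lies outside the hunk.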