Fix an illegal memory access in the BFD library which can be triggered by an attempt...

author Nick Clifton <nickc@redhat.com>

Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)

committer Nick Clifton <nickc@redhat.com>

Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)
author Nick Clifton <nickc@redhat.com>
Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)
committer Nick Clifton <nickc@redhat.com>
Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index fd0f1c7d54d23dd1d8146b5335ffc327c791a396..312df82c4097e40e0328ecfad62edc74ab4a8707 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-07-15  Nick Clifton  <nickc@redhat.com>
+
+       PR26240
+       * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in
+       check for aux entries that overflow the buufer.
+
  2020-07-10  Alan Modra  <amodra@gmail.com>
  
         * elf64-ppc.h (struct ppc64_elf_params): Add power10_stubs.
diff --git a/bfd/coffgen.c b/bfd/coffgen.c

index 3291b693eb0b00f3dd0f3a876c63ab9a3742de40..c10dac2acf51fba93a46e18ddb905423b70eb6d4 100644 (file)
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd)
        internal_ptr->is_sym = TRUE;
  
        /* PR 17512: Prevent buffer overrun.  */
-      if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+      if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz)
         {
           bfd_release (abfd, internal);
           return NULL;
author	Nick Clifton <nickc@redhat.com>
	Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Wed, 15 Jul 2020 10:15:16 +0000 (11:15 +0100)
bfd/ChangeLog		patch \| blob \| blame \| history
bfd/coffgen.c		patch \| blob \| blame \| history