diff options
author | Nick Clifton <nickc@redhat.com> | 2017-08-18 08:45:12 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2017-08-18 08:45:12 +0100 |
commit | de25939739ffe9a9ad7cec07a35bb2a1e430fe39 (patch) | |
tree | c7e12ad2404cac942ea6fadedbbcb5468b496464 | |
parent | dd66b39984d2b8a24b97638d65eef5cfd7dcbc5a (diff) | |
download | fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.zip fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.gz fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.bz2 |
Fix buffer overrun parsing a corrupt tekhex binary.
PR binutils/21962
* tekhex.c (getsym): Fix check for source pointer walking off the
end of the input buffer.
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/tekhex.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index e1985a4..79dfa1d 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-08-18 Nick Clifton <nickc@redhat.com> + + PR binutils/21962 + * tekhex.c (getsym): Fix check for source pointer walking off the + end of the input buffer. + 2017-08-17 Szabolcs Nagy <szabolcs.nagy@arm.com> PR ld/18808 diff --git a/bfd/tekhex.c b/bfd/tekhex.c index 1d605d5..cb4b624 100644 --- a/bfd/tekhex.c +++ b/bfd/tekhex.c @@ -307,7 +307,7 @@ getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp) len = hex_value (*src++); if (len == 0) len = 16; - for (i = 0; i < len && src < endp; i++) + for (i = 0; i < len && (src + i) < endp; i++) dstp[i] = src[i]; dstp[i] = 0; *srcp = src + i; |