asan: alpha-vms: buffer overflow

* vms-misc.c (_bfd_vms_save_counted_string): Count length byte towards maxlen.
author: Alan Modra <amodra@gmail.com> 2020-10-25 22:21:45 +1030
committer: Alan Modra <amodra@gmail.com> 2020-10-25 22:25:45 +1030
commit: 0c70050a4bb65c6159dc7d65c1fba253c97837c8 (patch)
tree: 3969801891593d686e063402df43a645b19ed5c7
parent: 46907955397b771b313ea0e1f38ec0f49c8fabf9 (diff)
download: fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.zip
fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.tar.gz
fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.tar.bz2
2 files changed, 10 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 194241b..931d445 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-10-25  Alan Modra  <amodra@gmail.com>
+
+	* vms-misc.c (_bfd_vms_save_counted_string): Count length byte
+	towards maxlen.
+
 2020-10-20  Dr. David Alan Gilbert  <dgilbert@redhat.com>
 
 	* po/es.po: Fix printf format.
diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c
index 0826456..70dd003 100644
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -163,9 +163,12 @@ _bfd_vms_save_sized_string (bfd *abfd, unsigned char *str, size_t size)
 char *
 _bfd_vms_save_counted_string (bfd *abfd, unsigned char *ptr, size_t maxlen)
 {
-  unsigned int len = *ptr++;
+  unsigned int len;
 
-  if (len > maxlen)
+  if (maxlen == 0)
+    return NULL;
+  len = *ptr++;
+  if (len >  maxlen - 1)
     return NULL;
   return _bfd_vms_save_sized_string (abfd, ptr, len);
 }
author	Alan Modra <amodra@gmail.com>	2020-10-25 22:21:45 +1030
committer	Alan Modra <amodra@gmail.com>	2020-10-25 22:25:45 +1030
commit	0c70050a4bb65c6159dc7d65c1fba253c97837c8 (patch)
tree	3969801891593d686e063402df43a645b19ed5c7
parent	46907955397b771b313ea0e1f38ec0f49c8fabf9 (diff)
download	fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.zip fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.tar.gz fsf-binutils-gdb-0c70050a4bb65c6159dc7d65c1fba253c97837c8.tar.bz2