diff options
| author | Alan Modra <amodra@gmail.com> | 2023-08-22 21:13:41 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-08-23 10:07:45 +0930 |
| commit | 8c8145a43ee4815b8851f8da7091c04f551dff6e (patch) | |
| tree | ba368cb19bfdeb00b9a51e22dd01edafc0ca5859 /bfd/cofflink.c | |
| parent | e2ce77cd639c86ce89b10ee70e73bd09670e0111 (diff) | |
| download | fsf-binutils-gdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.zip fsf-binutils-gdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.tar.gz fsf-binutils-gdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.tar.bz2 | |
bfd_get_symbol_leading_char vs. ""
Some places matching the first char of a string against
bfd_get_symbol_leading_char, which may be zero, didn't check for the
string being "". This patch adds the check to stop accesses past the
end of the string and potential buffer overruns.
The dlltool one was found by oss-fuzz quite a while ago.
bfd/
* cofflink.c (_bfd_coff_link_input_bfd): Ensure a zero
bfd_get_symbol_leading_char doesn't lead to accessing past the
zero string terminator.
* linker.c (bfd_wrapped_link_hash_lookup): Likewise.
(unwrap_hash_lookup): Likewise.
binutils/
* dlltool.c (scan_filtered_symbols): Ensure a zero
bfd_get_symbol_leading_char doesn't lead to accessing past the
zero string terminator.
Diffstat (limited to 'bfd/cofflink.c')
| -rw-r--r-- | bfd/cofflink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/bfd/cofflink.c b/bfd/cofflink.c index aea5c4c..221f6e8 100644 --- a/bfd/cofflink.c +++ b/bfd/cofflink.c @@ -1618,7 +1618,8 @@ _bfd_coff_link_input_bfd (struct coff_final_link_info *flaginfo, bfd *input_bfd) /* Ignore fake names invented by compiler; treat them all as the same name. */ if (*name == '~' || *name == '.' || *name == '$' - || (*name == bfd_get_symbol_leading_char (input_bfd) + || (*name + && *name == bfd_get_symbol_leading_char (input_bfd) && (name[1] == '~' || name[1] == '.' || name[1] == '$'))) name = ""; |