From 012d44268695f1c5d4e2e019c610c8b99bd7e553 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 16 Mar 2021 12:44:50 +0000
Subject: Fix a potential buffer overrun qwhen writing out PE aux entries.

	* peXXigen.c (_bfd_XXi_swap_aux_out): Avoid potential buffer
	overrun by using sizeof of the destination x_fname field as the
	limit for a memcpy.

	* coff/internal.h (struct internal_auxent): Fix a couple of typos
	in comment describing the x_fname field.
---
 bfd/ChangeLog  | 6 ++++++
 bfd/peXXigen.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'bfd')

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 70203b1..2bea062 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-03-16  Nick Clifton  <nickc@redhat.com>
+
+	* peXXigen.c (_bfd_XXi_swap_aux_out): Avoid potential buffer
+	overrun by using sizeof of the destination x_fname field as the
+	limit for a memcpy.
+
 2021-03-16  Kuan-Lin Chen  <kuanlinchentw@gmail.com>
 
 	* elfxx-riscv.c (riscv_std_z_ext_strtab): Add zba, zbb and zbc.
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 83bbac5..b370672 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -380,7 +380,7 @@ _bfd_XXi_swap_aux_out (bfd *  abfd,
 	  H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
 	}
       else
-	memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+	memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof (ext->x_file.x_fname));
 
       return AUXESZ;
 
-- 
cgit v1.1