aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2020-07-15 11:09:59 +0100
committerNick Clifton <nickc@redhat.com>2020-07-15 11:09:59 +0100
commit4fd8d5856435ff84de1f181381fc51754285af6f (patch)
tree79347458234713500cdf06bc7efd647b47f2eaf0 /bfd
parent52781cce795439ce5055ee9b8a8c7bc6f92b7b72 (diff)
downloadgdb-4fd8d5856435ff84de1f181381fc51754285af6f.zip
gdb-4fd8d5856435ff84de1f181381fc51754285af6f.tar.gz
gdb-4fd8d5856435ff84de1f181381fc51754285af6f.tar.bz2
Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file.
PR26240 * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in check for aux entries that overflow the buufer.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/coffgen.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 321e2e0..1337645 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-07-15 Nick Clifton <nickc@redhat.com>
+
+ PR26240
+ * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in
+ check for aux entries that overflow the buufer.
+
2020-07-15 Hans-Peter Nilsson <hp@bitrange.com>
* elf64-mmix.c (mmix_elf_relax_section): Improve accounting for
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index d49b2ff..0a26972 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd)
internal_ptr->is_sym = TRUE;
/* PR 17512: Prevent buffer overrun. */
- if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+ if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz)
{
bfd_release (abfd, internal);
return NULL;