From c38c6234f2b2425431d28449f609172aa2de549c Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 5 May 2021 13:33:00 +0930
Subject: asan: stack-buffer-overflow vms-lib.c:367

	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
	sanity checking keylen.
---
 bfd/vms-lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'bfd/vms-lib.c')

diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c
index dc23df3..55e6130 100644
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -357,7 +357,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
 		    return false;
 		  kbn = (struct vms_kbn *)(kblk + koff);
 		  klen = bfd_getl16 (kbn->keylen);
-		  if (klen > sizeof (kblk) - koff)
+		  if (klen > sizeof (kblk) - sizeof (struct vms_kbn) - koff)
 		    return false;
 		  kvbn = bfd_getl32 (kbn->rfa.vbn);
 		  koff = bfd_getl16 (kbn->rfa.offset);
-- 
cgit v1.1