Re: Bug 23686, two segment faults in nm

The fix for pr23686 had a hole in the reloc address sanity check, the calculation could overflow. Note that stabsize is known to be a non-zero multiple of 12 so stabsize - 4 can't underflow. PR 23686 * syms.c (_bfd_stab_section_find_nearest_line): Correct r->address sanity check.
author: Alan Modra <amodra@gmail.com> 2023-05-20 21:00:25 +0930
committer: Alan Modra <amodra@gmail.com> 2023-05-20 21:06:03 +0930
commit: 0bbd2b1ad0426aee86445cd7f0c86667624da7ca (patch)
tree: cf5429002a2d28ce6b29a803df6e2ea3e4afdc92
parent: cb3f0ff4795381fb19e128a85e258149ebed9cd6 (diff)
download: binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.zip
binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.tar.gz
binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/bfd/syms.c b/bfd/syms.c
index 6979096..d756995 100644
--- a/bfd/syms.c
+++ b/bfd/syms.c
@@ -1106,7 +1106,7 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
 		  || r->howto->pc_relative
 		  || r->howto->bitpos != 0
 		  || r->howto->dst_mask != 0xffffffff
-		  || octets + 4 > stabsize)
+		  || octets > stabsize - 4)
 		{
 		  _bfd_error_handler
 		    (_("unsupported .stab relocation"));
author	Alan Modra <amodra@gmail.com>	2023-05-20 21:00:25 +0930
committer	Alan Modra <amodra@gmail.com>	2023-05-20 21:06:03 +0930
commit	0bbd2b1ad0426aee86445cd7f0c86667624da7ca (patch)
tree	cf5429002a2d28ce6b29a803df6e2ea3e4afdc92
parent	cb3f0ff4795381fb19e128a85e258149ebed9cd6 (diff)
download	binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.zip binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.tar.gz binutils-0bbd2b1ad0426aee86445cd7f0c86667624da7ca.tar.bz2