diff options
| author | Nick Clifton <nickc@redhat.com> | 2022-12-05 14:57:17 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2022-12-05 14:57:17 +0000 |
| commit | 3bf5bf547a2ffdbd702804b95b3218040ac470dc (patch) | |
| tree | 9a9b30b5263f3573a41ca857c67d68dac7b102a5 /ld | |
| parent | 76a2bcc6b8b07ddfd5093773c4b5fd8e54752fbc (diff) | |
| download | binutils-3bf5bf547a2ffdbd702804b95b3218040ac470dc.zip binutils-3bf5bf547a2ffdbd702804b95b3218040ac470dc.tar.gz binutils-3bf5bf547a2ffdbd702804b95b3218040ac470dc.tar.bz2 | |
Prevent an illegal memory access when comparing the prefix of a section name regexp.
PR 29849
* ldlang.c (spec_match): Check that there is sufficient length in
the target name to match the spec's prefix.
Diffstat (limited to 'ld')
| -rw-r--r-- | ld/ChangeLog | 6 | ||||
| -rw-r--r-- | ld/ldlang.c | 26 |
2 files changed, 27 insertions, 5 deletions
diff --git a/ld/ChangeLog b/ld/ChangeLog index 8f0528f..e8dc090 100644 --- a/ld/ChangeLog +++ b/ld/ChangeLog @@ -1,3 +1,9 @@ +2022-12-05 Nick Clifton <nickc@redhat.com> + + PR 29849 + * ldlang.c (spec_match): Check that there is sufficient length in + the target name to match the spec's prefix. + 2022-11-03 Nick Clifton <nickc@redhat.com> PR 29748 diff --git a/ld/ldlang.c b/ld/ldlang.c index d873adb..7829f86 100644 --- a/ld/ldlang.c +++ b/ld/ldlang.c @@ -223,23 +223,39 @@ spec_match (const struct wildcard_spec *spec, const char *name) size_t nl = spec->namelen; size_t pl = spec->prefixlen; size_t sl = spec->suffixlen; + size_t inputlen = strlen (name); int r; - if (pl && (r = memcmp (spec->name, name, pl))) - return r; + + if (pl) + { + if (inputlen < pl) + return 1; + + r = memcmp (spec->name, name, pl); + if (r) + return r; + } + if (sl) { - size_t inputlen = strlen (name); if (inputlen < sl) return 1; + r = memcmp (spec->name + nl - sl, name + inputlen - sl, sl); if (r) return r; } + if (nl == pl + sl + 1 && spec->name[pl] == '*') return 0; - else if (nl > pl) + + if (nl > pl) return fnmatch (spec->name + pl, name + pl, 0); - return name[nl]; + + if (inputlen >= nl) + return name[nl]; + + return 0; } static char * |