diff options
author | Alan Modra <amodra@gmail.com> | 2021-01-05 13:17:24 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-01-05 13:29:07 +1030 |
commit | de6a7ee4bd18b7812ee5ff9abb62e2889daa501b (patch) | |
tree | 0264e74adc87937ae7d98e422a5d4c798df1e197 | |
parent | 18b9872261b950a8d10a4ae6ccb8f2acdaebc3e6 (diff) | |
download | gdb-de6a7ee4bd18b7812ee5ff9abb62e2889daa501b.zip gdb-de6a7ee4bd18b7812ee5ff9abb62e2889daa501b.tar.gz gdb-de6a7ee4bd18b7812ee5ff9abb62e2889daa501b.tar.bz2 |
asan: heap buffer overflow in _bfd_vms_slurp_egsd
* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
-rw-r--r-- | bfd/ChangeLog | 4 | ||||
-rw-r--r-- | bfd/vms-alpha.c | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 20ccea5..4eda3a1 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,7 @@ +2021-01-05 Alan Modra <amodra@gmail.com> + + * vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check. + 2021-01-05 Nelson Chu <nelson.chu@sifive.com> * elfnn-riscv.c (allocate_dynrelocs): When we are generating pde, diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 2c0e812..72d89e5 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -1394,14 +1394,13 @@ _bfd_vms_slurp_egsd (bfd *abfd) flagword old_flags; unsigned int nameoff = offsetof (struct vms_egst, namlng); - old_flags = bfd_getl16 (egst->header.flags); - if (nameoff >= gsd_size) goto too_small; entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff); if (entry == NULL) return FALSE; + old_flags = bfd_getl16 (egst->header.flags); entry->typ = gsd_type; entry->data_type = egst->header.datyp; entry->flags = old_flags; |