authorAlan Modra <amodra@gmail.com>2021-01-05 13:17:24 +1030
committerAlan Modra <amodra@gmail.com>2021-01-05 13:29:07 +1030
commitde6a7ee4bd18b7812ee5ff9abb62e2889daa501b (patch)
tree0264e74adc87937ae7d98e422a5d4c798df1e197
parent18b9872261b950a8d10a4ae6ccb8f2acdaebc3e6 (diff)
asan: heap buffer overflow in _bfd_vms_slurp_egsd
* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
-rw-r--r--bfd/ChangeLog4
-rw-r--r--bfd/vms-alpha.c3
2 files changed, 5 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 20ccea5..4eda3a1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,7 @@
+2021-01-05 Alan Modra <amodra@gmail.com>
+
+ * vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
+
2021-01-05 Nelson Chu <nelson.chu@sifive.com>
* elfnn-riscv.c (allocate_dynrelocs): When we are generating pde,
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 2c0e812..72d89e5 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1394,14 +1394,13 @@ _bfd_vms_slurp_egsd (bfd *abfd)
flagword old_flags;
unsigned int nameoff = offsetof (struct vms_egst, namlng);
- old_flags = bfd_getl16 (egst->header.flags);
-
if (nameoff >= gsd_size)
goto too_small;
entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff);
if (entry == NULL)
return FALSE;
+ old_flags = bfd_getl16 (egst->header.flags);
entry->typ = gsd_type;
entry->data_type = egst->header.datyp;
entry->flags = old_flags;
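Review bot: The ordering that fixes the overflow is carried only by statement position: nothing at the moved `old_flags = bfd_getl16 (egst->header.flags);` line says it must stay below the `nameoff >= gsd_size` guard, so a later tidy-up could hoist it back. I would add a comment above the guard, for example `/* Do not read any egst field until nameoff < gsd_size is known to hold.  */`. The guard only shows that the fixed fields up to `namlng` lie within `gsd_size`; whether `add_symbol` rejects a name-length byte larger than the `gsd_size - nameoff` it is passed is not visible here and is worth confirming. The body of `_bfd_vms_slurp_egsd` starts and ends outside this hunk, so the other record cases in it may deserve the same read-after-check review.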