diff options
| author | Alan Modra <amodra@gmail.com> | 2021-02-24 10:52:47 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-02-24 10:55:36 +1030 |
| commit | 93af1b046b76380c1b06940c31581c30001d27de (patch) | |
| tree | cd86936e3cedf5978ad79004fe327d2d3b8f6cdf /bfd/coff-stgo32.c | |
| parent | 8139dc77d9f7ff8d94f9d14d78654afc51b83c60 (diff) | |
| download | gdb-93af1b046b76380c1b06940c31581c30001d27de.zip gdb-93af1b046b76380c1b06940c31581c30001d27de.tar.gz gdb-93af1b046b76380c1b06940c31581c30001d27de.tar.bz2 | |
PR27459, segmentation fault in go32exe_check_format
PR 27459
* coff-stgo32.c (go32exe_check_format): Sanity check size of
header to avoid a buffer overflow.
Diffstat (limited to 'bfd/coff-stgo32.c')
| -rw-r--r-- | bfd/coff-stgo32.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/bfd/coff-stgo32.c b/bfd/coff-stgo32.c index 7ae9419..7593b62 100644 --- a/bfd/coff-stgo32.c +++ b/bfd/coff-stgo32.c @@ -304,7 +304,9 @@ go32exe_check_format (bfd *abfd) /* Confirm that this is a go32stub. */ header_end = H_GET_16 (abfd, filehdr_dos.e_cparhdr) * 16UL; - if (! CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub")) + if (go32exe_temp_stub_size < header_end + || go32exe_temp_stub_size - header_end < sizeof "go32stub" - 1 + || !CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub")) goto fail_format; /* Set origin to where the COFF header starts and seek there. */ |