diff options
| author | Alan Modra <amodra@gmail.com> | 2022-08-13 15:32:47 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2022-08-13 15:32:47 +0930 |
| commit | ef186fe54aa6d281a3ff8a9528417e5cc614c797 (patch) | |
| tree | 61ba6e4928b67ebf6948cd35e6afdec4544cfc06 /bfd/coffcode.h | |
| parent | 80075150727d653c39e9d037e15c6b87dcef08cd (diff) | |
| download | gdb-ef186fe54aa6d281a3ff8a9528417e5cc614c797.zip gdb-ef186fe54aa6d281a3ff8a9528417e5cc614c797.tar.gz gdb-ef186fe54aa6d281a3ff8a9528417e5cc614c797.tar.bz2 | |
PR29482 - strip: heap-buffer-overflow
PR 29482
* coffcode.h (coff_set_section_contents): Sanity check _LIB.
Diffstat (limited to 'bfd/coffcode.h')
| -rw-r--r-- | bfd/coffcode.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/bfd/coffcode.h b/bfd/coffcode.h index 67aaf15..5202798 100644 --- a/bfd/coffcode.h +++ b/bfd/coffcode.h @@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, rec = (bfd_byte *) location; recend = rec + count; - while (rec < recend) + while (recend - rec >= 4) { + size_t len = bfd_get_32 (abfd, rec); + if (len == 0 || len > (size_t) (recend - rec) / 4) + break; + rec += len * 4; ++section->lma; - rec += bfd_get_32 (abfd, rec) * 4; } BFD_ASSERT (rec == recend); |