PR22197, buffer overflow in bfd_get_debug_link_info_1

PR 22197 * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is within section bounds.
author: Alan Modra <amodra@gmail.com> 2017-09-24 21:36:18 +0930
committer: Alan Modra <amodra@gmail.com> 2017-09-24 21:40:58 +0930
commit: 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d (patch)
tree: da1de8a8a1c7824e563b7b15d23d2f9c24f00693 /bfd/opncls.c
parent: a26a013f22a19e2c16729e64f40ef8a7dfcc086e (diff)
download: gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.zip
gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.tar.gz
gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/bfd/opncls.c b/bfd/opncls.c
index fa54986..8550623 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, void *crc32_out)
   /* PR 17597: avoid reading off the end of the buffer.  */
   crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
   crc_offset = (crc_offset + 3) & ~3;
-  if (crc_offset >= bfd_get_section_size (sect))
+  if (crc_offset + 4 > bfd_get_section_size (sect))
     return NULL;
 
   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
author	Alan Modra <amodra@gmail.com>	2017-09-24 21:36:18 +0930
committer	Alan Modra <amodra@gmail.com>	2017-09-24 21:40:58 +0930
commit	52b36c51e5bf6d7600fdc6ba115b170b0e78e31d (patch)
tree	da1de8a8a1c7824e563b7b15d23d2f9c24f00693 /bfd/opncls.c
parent	a26a013f22a19e2c16729e64f40ef8a7dfcc086e (diff)
download	gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.zip gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.tar.gz gdb-52b36c51e5bf6d7600fdc6ba115b170b0e78e31d.tar.bz2