author | Alan Modra <amodra@gmail.com> | 2021-02-24 10:52:47 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-02-24 10:55:36 +1030 |
commit | 93af1b046b76380c1b06940c31581c30001d27de (patch) | |
tree | cd86936e3cedf5978ad79004fe327d2d3b8f6cdf /bfd | |
parent | 8139dc77d9f7ff8d94f9d14d78654afc51b83c60 (diff) | |
PR27459, segmentation fault in go32exe_check_format
PR 27459
* coff-stgo32.c (go32exe_check_format): Sanity check size of
header to avoid a buffer overflow.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/coff-stgo32.c | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 7a41a14..52d9bf2 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-02-24 Alan Modra <amodra@gmail.com>
+
+ PR 27459
+ * coff-stgo32.c (go32exe_check_format): Sanity check size of
+ header to avoid a buffer overflow.
+
 2021-02-22 Alan Modra <amodra@gmail.com>
 * coff-rs6000.c (_bfd_xcoff_reloc_type_lookup): Remove BFD_RELOC_16.
diff --git a/bfd/coff-stgo32.c b/bfd/coff-stgo32.c
index 7ae9419..7593b62 100644
--- a/bfd/coff-stgo32.c
+++ b/bfd/coff-stgo32.c
@@ -304,7 +304,9 @@ go32exe_check_format (bfd *abfd)
 /* Confirm that this is a go32stub. */
 header_end = H_GET_16 (abfd, filehdr_dos.e_cparhdr) * 16UL;
- if (! CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub"))
+ if (go32exe_temp_stub_size < header_end
+ || go32exe_temp_stub_size - header_end < sizeof "go32stub" - 1
+ || !CONST_STRNEQ (go32exe_temp_stub + header_end, "go32stub"))
 goto fail_format;
 /* Set origin to where the COFF header starts and seek there. */ |
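Review bot: The new three-part condition in the coff-stgo32.c hunk depends on clause order, and the comment above it (`/* Confirm that this is a go32stub. */`) explains neither that nor the fact that `header_end` is computed from the file-supplied `e_cparhdr` field. Assuming both operands are unsigned, the first test is what keeps `go32exe_temp_stub_size - header_end` from wrapping, so a later edit that reorders or drops a clause would quietly reopen the out-of-bounds read. I would extend the comment to something like `/* e_cparhdr comes from the file: make sure the signature lies inside the stub buffer before comparing. The first test keeps the subtraction from wrapping. */`. The signature length is also spelled twice, once as `sizeof "go32stub" - 1` and once as the literal passed to `CONST_STRNEQ`, so a single named constant for the string would keep the two in step. The body of `go32exe_check_format` starts and ends outside the hunk, so it is not visible here whether `go32exe_temp_stub_size` always equals the number of bytes read into `go32exe_temp_stub` for the current file; the guard is only as strong as that invariant.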