Fix an illegal memory access when parsing a corrupt VMS Alpha file.

PR 29848 * vms-alpha.c (parse_module): Fix potential out of bounds memory access.
author: Nick Clifton <nickc@redhat.com> 2022-12-05 11:11:44 +0000
committer: Nick Clifton <nickc@redhat.com> 2022-12-05 11:11:44 +0000
commit: 942fa4fb32738ecbb447546d54f1e5f0312d2ed4 (patch)
tree: f3e1e8e4cb2ed4644df8fbe5032fdd99bac8d834 /bfd
parent: ecfbeec8d0a7687a6464caa088b2283b30a25d7e (diff)
download: gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.zip
gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.tar.gz
gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.tar.bz2
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index eee5d42..ee8eaf0 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-05  Nick Clifton  <nickc@redhat.com>
+
+	PR 29848
+	* vms-alpha.c (parse_module): Fix potential out of bounds memory
+	access.
+
 2022-12-01  Nick Clifton  <nickc@redhat.com>
 
 	PR 25202
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 9531953..c0eb5bc 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -4366,7 +4366,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
     return false;
   module->line_table = curr_line;
 
-  while (length == -1 || ptr < maxptr)
+  while (length == -1 || (ptr + 3) < maxptr)
     {
       /* The first byte is not counted in the recorded length.  */
       int rec_length = bfd_getl16 (ptr) + 1;
author	Nick Clifton <nickc@redhat.com>	2022-12-05 11:11:44 +0000
committer	Nick Clifton <nickc@redhat.com>	2022-12-05 11:11:44 +0000
commit	942fa4fb32738ecbb447546d54f1e5f0312d2ed4 (patch)
tree	f3e1e8e4cb2ed4644df8fbe5032fdd99bac8d834 /bfd
parent	ecfbeec8d0a7687a6464caa088b2283b30a25d7e (diff)
download	gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.zip gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.tar.gz gdb-942fa4fb32738ecbb447546d54f1e5f0312d2ed4.tar.bz2