author | Nick Clifton <nickc@redhat.com> | 2019-11-21 10:54:20 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-11-21 10:54:20 +0000 |
commit | f76d79580efea856298d9e5b9a91746be875f1b1 (patch) | |
tree | 7d712ec3a4031e96183930ad7e0747eeed2cd1f6 /binutils/objcopy.c | |
parent | 73d5efd7e13ebd8fe87278224bc2ae777af3de52 (diff) | |
Fix potential buffer overrun in objcopy's note merging code.
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
that the new notes might actually be larger than the original
notes.
Diffstat (limited to 'binutils/objcopy.c')
-rw-r--r-- | binutils/objcopy.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index f682fbe..6e614b1 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -2460,7 +2460,9 @@ merge_gnu_build_notes (bfd * abfd,
 bfd_vma prev_start = 0;
 bfd_vma prev_end = 0;
- new = new_contents = xmalloc (size);
+ /* Not sure how, but the notes might grow in size.
+ (eg see PR 1774507). Allow for this here. */
+ new = new_contents = xmalloc (size * 2);
 for (pnote = pnotes, old = contents; pnote < pnotes_end; pnote ++)
@@ -2527,8 +2529,11 @@ merge_gnu_build_notes (bfd * abfd,
 #endif
 new_size = new - new_contents;
- memcpy (contents, new_contents, new_size);
- size = new_size;
+ if (new_size < size)
+ {
+ memcpy (contents, new_contents, new_size);
+ size = new_size;
+ }
 free (new_contents);
 done: |
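Review bot: The `xmalloc (size * 2)` allocation in the first hunk is a heuristic, not a derived bound: the added comment itself says the cause of the growth is unknown, so nothing visible here guarantees the merged notes stay within twice the input size. The loop that writes through `new` starts at the end of this hunk and continues outside it, so I cannot see whether those writes are bounded. If they are not, record the end of the buffer (for example `new_end = new_contents + size * 2;`) and check `new` against it before each note is emitted, failing cleanly instead of writing past the allocation. Since `size` presumably comes from the input file's note section, it is also worth confirming that `size * 2` cannot wrap before it reaches `xmalloc`.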
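Review bot: The new `if (new_size < size)` test in the second hunk silently keeps the original notes whenever merging did not shrink them, and it only runs after `new_contents` has already been filled, so it protects `contents` but not the temporary buffer. A comment above the test would record the intent, e.g. `/* If merging did not shrink the notes, keep the originals: CONTENTS only has room for SIZE bytes. */`. A merged result of exactly `size` bytes would still fit in `contents`, so `<=` may be what is wanted here; worth confirming against the PR 1774507 input. The body of merge_gnu_build_notes starts and ends outside this hunk.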