From 0c70050a4bb65c6159dc7d65c1fba253c97837c8 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sun, 25 Oct 2020 22:21:45 +1030
Subject: asan: alpha-vms: buffer overflow

	* vms-misc.c (_bfd_vms_save_counted_string): Count length byte
	towards maxlen.
---
 bfd/vms-misc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'bfd/vms-misc.c')

diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c
index 0826456..70dd003 100644
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -163,9 +163,12 @@ _bfd_vms_save_sized_string (bfd *abfd, unsigned char *str, size_t size)
 char *
 _bfd_vms_save_counted_string (bfd *abfd, unsigned char *ptr, size_t maxlen)
 {
-  unsigned int len = *ptr++;
+  unsigned int len;
 
-  if (len > maxlen)
+  if (maxlen == 0)
+    return NULL;
+  len = *ptr++;
+  if (len >  maxlen - 1)
     return NULL;
   return _bfd_vms_save_sized_string (abfd, ptr, len);
 }
-- 
cgit v1.1