$NetBSD: patch-bfd_coffcode.h,v 1.1 2022/12/11 16:43:11 fcambus Exp $ Fix for CVE-2022-38533: heap buffer overflow in strip (Binutils PR29482). Upstream commit ef186fe54aa6d281a3ff8a9528417e5cc614c797. --- bfd/coffcode.h.orig 2022-07-08 09:46:47.000000000 +0000 +++ bfd/coffcode.h @@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd, rec = (bfd_byte *) location; recend = rec + count; - while (rec < recend) + while (recend - rec >= 4) { + size_t len = bfd_get_32 (abfd, rec); + if (len == 0 || len > (size_t) (recend - rec) / 4) + break; + rec += len * 4; ++section->lma; - rec += bfd_get_32 (abfd, rec) * 4; } BFD_ASSERT (rec == recend);