blob: 226190d97e0f5f623245df6e084609dc59d03b2a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
$NetBSD: patch-bfd_coffcode.h,v 1.1 2022/12/11 16:43:11 fcambus Exp $
Fix for CVE-2022-38533: heap buffer overflow in strip (Binutils PR29482).
Upstream commit ef186fe54aa6d281a3ff8a9528417e5cc614c797.
--- bfd/coffcode.h.orig 2022-07-08 09:46:47.000000000 +0000
+++ bfd/coffcode.h
@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
rec = (bfd_byte *) location;
recend = rec + count;
- while (rec < recend)
+ while (recend - rec >= 4)
{
+ size_t len = bfd_get_32 (abfd, rec);
+ if (len == 0 || len > (size_t) (recend - rec) / 4)
+ break;
+ rec += len * 4;
++section->lma;
- rec += bfd_get_32 (abfd, rec) * 4;
}
BFD_ASSERT (rec == recend);
|
