Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

asan: aout: heap buffer overflow

Browse Source 
* aoutx.h (aout_get_external_symbols): Sanity check before writing
	zero index entry.  Remove outdated comment.
	* pdp11.c (aout_get_external_symbols): Likewise.
This commit is contained in:
Alan Modra
2021-10-23 11:27:14 +10:30
parent 560b3fe208
commit 3f9661f12a
2 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
bfd/aoutx.h
View File

@@ -1353,8 +1353,6 @@ aout_get_external_symbols (bfd *abfd)
if (stringsize >= BYTES_IN_WORD)
{
/* Keep the string count in the buffer for convenience
when indexing with e_strx. */
amt = stringsize - BYTES_IN_WORD;
if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
{
@@ -1364,7 +1362,8 @@ aout_get_external_symbols (bfd *abfd)
}
}
/* Ensure that a zero index yields an empty string. */
memset (strings, 0, BYTES_IN_WORD);
if (stringsize >= BYTES_IN_WORD)
memset (strings, 0, BYTES_IN_WORD);
/* Ensure that the string buffer is NUL terminated. */
strings[stringsize] = 0;

5
bfd/pdp11.c
View File

@@ -1333,8 +1333,6 @@ aout_get_external_symbols (bfd *abfd)
if (stringsize >= BYTES_IN_LONG)
{
/* Keep the string count in the buffer for convenience
when indexing with e_strx. */
amt = stringsize - BYTES_IN_LONG;
if (bfd_bread (strings + BYTES_IN_LONG, amt, abfd) != amt)
{
@@ -1344,7 +1342,8 @@ aout_get_external_symbols (bfd *abfd)
}
}
/* Ensure that a zero index yields an empty string. */
memset (strings, 0, BYTES_IN_LONG);
if (stringsize >= BYTES_IN_WORD)
memset (strings, 0, BYTES_IN_LONG);
/* Ensure that the string buffer is NUL terminated. */
strings[stringsize] = 0;