Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

bfd_get_symbol_leading_char vs. ""

Browse Source 
Some places matching the first char of a string against
bfd_get_symbol_leading_char, which may be zero, didn't check for the
string being "".  This patch adds the check to stop accesses past the
end of the string and potential buffer overruns.
The dlltool one was found by oss-fuzz quite a while ago.

bfd/
	* cofflink.c (_bfd_coff_link_input_bfd): Ensure a zero
	bfd_get_symbol_leading_char doesn't lead to accessing past the
	zero string terminator.
	* linker.c (bfd_wrapped_link_hash_lookup): Likewise.
	(unwrap_hash_lookup): Likewise.
binutils/
	* dlltool.c (scan_filtered_symbols): Ensure a zero
	bfd_get_symbol_leading_char doesn't lead to accessing past the
	zero string terminator.
This commit is contained in:
Alan Modra
2023-08-22 21:13:41 +09:30
parent e2ce77cd63
commit 8c8145a43e
3 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bfd/linker.c
View File

@@ -544,7 +544,9 @@ bfd_wrapped_link_hash_lookup (bfd *abfd,
char prefix = '\0';
l = string;
if (*l == bfd_get_symbol_leading_char (abfd) || *l == info->wrap_char)
if (*l
&& (*l == bfd_get_symbol_leading_char (abfd)
|| *l == info->wrap_char))
{
prefix = *l;
++l;
@@ -621,8 +623,9 @@ unwrap_hash_lookup (struct bfd_link_info *info,
{
const char *l = h->root.string;
if (*l == bfd_get_symbol_leading_char (input_bfd)
|| *l == info->wrap_char)
if (*l
&& (*l == bfd_get_symbol_leading_char (input_bfd)
|| *l == info->wrap_char))
++l;
if (startswith (l, WRAP))