asan: heap buffer overflow in _bfd_vms_slurp_egsd

* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
2021-01-05 13:17:24 +10:30
parent 18b9872261
commit de6a7ee4bd
2 changed files with 5 additions and 2 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,7 @@
+2021-01-05  Alan Modra  <amodra@gmail.com>
+
+	* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
+
 2021-01-05  Nelson Chu  <nelson.chu@sifive.com>

 	* elfnn-riscv.c (allocate_dynrelocs): When we are generating pde,
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1394,14 +1394,13 @@ _bfd_vms_slurp_egsd (bfd *abfd)
 	    flagword old_flags;
 	    unsigned int nameoff = offsetof (struct vms_egst, namlng);

-	    old_flags = bfd_getl16 (egst->header.flags);
-
 	    if (nameoff >= gsd_size)
 	      goto too_small;
 	    entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff);
 	    if (entry == NULL)
 	      return FALSE;

+	    old_flags = bfd_getl16 (egst->header.flags);
 	    entry->typ = gsd_type;
 	    entry->data_type = egst->header.datyp;
 	    entry->flags = old_flags;