forked from Imagelibrary/binutils-gdb
asan: heap buffer overflow in _bfd_vms_slurp_egsd
* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
This commit is contained in:
Alan Modra
@@ -1,3 +1,7 @@
|
|||||||
|
2021-01-05 Alan Modra <amodra@gmail.com>
|
||||||
|
|
||||||
|
* vms-alpha.c (_bfd_vms_slurp_egsd): Read flags after size check.
|
||||||
|
|
||||||
2021-01-05 Nelson Chu <nelson.chu@sifive.com>
|
2021-01-05 Nelson Chu <nelson.chu@sifive.com>
|
||||||
|
|
||||||
* elfnn-riscv.c (allocate_dynrelocs): When we are generating pde,
|
* elfnn-riscv.c (allocate_dynrelocs): When we are generating pde,
|
||||||
|
|||||||
@@ -1394,14 +1394,13 @@ _bfd_vms_slurp_egsd (bfd *abfd)
|
|||||||
flagword old_flags;
|
flagword old_flags;
|
||||||
unsigned int nameoff = offsetof (struct vms_egst, namlng);
|
unsigned int nameoff = offsetof (struct vms_egst, namlng);
|
||||||
|
|
||||||
old_flags = bfd_getl16 (egst->header.flags);
|
|
||||||
|
|
||||||
if (nameoff >= gsd_size)
|
if (nameoff >= gsd_size)
|
||||||
goto too_small;
|
goto too_small;
|
||||||
entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff);
|
entry = add_symbol (abfd, &egst->namlng, gsd_size - nameoff);
|
||||||
if (entry == NULL)
|
if (entry == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
old_flags = bfd_getl16 (egst->header.flags);
|
||||||
entry->typ = gsd_type;
|
entry->typ = gsd_type;
|
||||||
entry->data_type = egst->header.datyp;
|
entry->data_type = egst->header.datyp;
|
||||||
entry->flags = old_flags;
|
entry->flags = old_flags;
|
||||||
|
|||||||
Reference in New Issue
Block a user