espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-17 07:53:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential buffer overrun in objcopy's note merging code.

Browse Source 
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
	that the new notes might actually be larger than the original
	notes.
This commit is contained in:
Nick Clifton
2019-11-21 10:54:20 +00:00
parent 73d5efd7e1
commit f76d79580e
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
binutils/objcopy.c
View File

@ -2460,7 +2460,9 @@ merge_gnu_build_notes (bfd * abfd,
bfd_vma prev_start = 0;
bfd_vma prev_end = 0;
new = new_contents = xmalloc (size);
/* Not sure how, but the notes might grow in size.
(eg see PR 1774507). Allow for this here. */
new = new_contents = xmalloc (size * 2);
for (pnote = pnotes, old = contents;
pnote < pnotes_end;
pnote ++)
@ -2527,8 +2529,11 @@ merge_gnu_build_notes (bfd * abfd,
#endif
new_size = new - new_contents;
memcpy (contents, new_contents, new_size);
size = new_size;
if (new_size < size)
{
memcpy (contents, new_contents, new_size);
size = new_size;
}
free (new_contents);
done: