espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-20 01:50:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential buffer overrun in objcopy's note merging code.

Browse Source 
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
	that the new notes might actually be larger than the original
	notes.
This commit is contained in:
Nick Clifton
2019-11-21 10:54:20 +00:00
parent 73d5efd7e1
commit f76d79580e
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
binutils/ChangeLog
View File

@ -1,3 +1,9 @@
2019-11-21 Nick Clifton <nickc@redhat.com>
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
that the new notes might actually be larger than the original
notes.
2019-11-21 Alan Modra <amodra@gmail.com> 2019-11-21 Alan Modra <amodra@gmail.com>
* testsuite/lib/binutils-common.exp (is_pecoff_format): Rewrite * testsuite/lib/binutils-common.exp (is_pecoff_format): Rewrite

7
binutils/objcopy.c
View File

@ -2460,7 +2460,9 @@ merge_gnu_build_notes (bfd * abfd,
bfd_vma prev_start = 0; bfd_vma prev_start = 0;
bfd_vma prev_end = 0; bfd_vma prev_end = 0;
new = new_contents = xmalloc (size); /* Not sure how, but the notes might grow in size.
(eg see PR 1774507). Allow for this here. */
new = new_contents = xmalloc (size * 2);
for (pnote = pnotes, old = contents; for (pnote = pnotes, old = contents;
pnote < pnotes_end; pnote < pnotes_end;
pnote ++) pnote ++)
@ -2527,8 +2529,11 @@ merge_gnu_build_notes (bfd * abfd,
#endif #endif
new_size = new - new_contents; new_size = new - new_contents;
if (new_size < size)
{
memcpy (contents, new_contents, new_size); memcpy (contents, new_contents, new_size);
size = new_size; size = new_size;
}
free (new_contents); free (new_contents);
done: done: