From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 28 Jan 2022 16:55:13 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR28753, buffer overflow in read_section_stabs_debugging_info

PR 28753
* rddbg.c (read_section_stabs_debugging_info): Don't read past end of section when concatenating stab strings.

diff --git a/binutils/rddbg.c b/binutils/rddbg.c index 42605b83d1a..169c52f4983 100644 --- a/binutils/rddbg.c +++ b/binutils/rddbg.c @@ -210,7 +210,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount, an attempt to read the byte before 'strings' would occur. */ while ((len = strlen (s)) > 0 && s[len - 1] == '\\' - && stab + 12 < stabs + stabsize) + && stab + 16 <= stabs + stabsize) { char *p;

-- 
Alan Modra
Australia Development Lab, IBM
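
Review bot: in the new loop condition, `stab + 16 <= stabs + stabsize` forms a pointer that can lie more than one past the end of the stabs buffer when fewer than 16 bytes remain, which is undefined in C; comparing the remaining length instead, for example `stabs + stabsize - stab >= 16`, expresses the same bound without that. The 16 is also a bare constant replacing the old 12, so a one-line comment saying which bytes past `stab` the loop body reads would make the bound checkable at a glance. The visible condition only bounds the stabs section, so it is worth confirming that the string offset used for the continuation is likewise checked against the strings section before `strlen (s)` runs on it.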