* asan: buffer overflow in mmo_get_symbols
@ 2021-12-17 5:43 Alan Modra
2021-12-17 22:44 ` Hans-Peter Nilsson
0 siblings, 1 reply; 3+ messages in thread
From: Alan Modra @ 2021-12-17 5:43 UTC (permalink / raw)
To: binutils
* mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.
diff --git a/bfd/mmo.c b/bfd/mmo.c
index 2ee386662a4..d80cb06f746 100644
--- a/bfd/mmo.c
+++ b/bfd/mmo.c
@@ -1411,6 +1411,16 @@ SUBSECTION
c = c2;
}
+ if (abfd->tdata.mmo_data->symbol_position
+ >= abfd->tdata.mmo_data->max_symbol_length)
+ {
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB: symbol name exceeds given max length of %d"),
+ abfd, abfd->tdata.mmo_data->max_symbol_length);
+ abfd->tdata.mmo_data->have_error = true;
+ return false;
+ }
abfd->tdata.mmo_data->lop_stab_symbol[abfd->tdata.mmo_data->symbol_position++] = c;
abfd->tdata.mmo_data->lop_stab_symbol[abfd->tdata.mmo_data->symbol_position] = 0;
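Review bot: The new test `symbol_position >= max_symbol_length` still lets symbol_position reach max_symbol_length - 1, and the two unchanged lines after it then store c at that index and the terminating 0 at index max_symbol_length. That is in bounds only if lop_stab_symbol holds at least max_symbol_length + 1 bytes. The allocation is not visible in this hunk, so please confirm that size or tighten the comparison, and consider a one-line comment above the test saying it leaves room for the terminator. Separately, the error message formats max_symbol_length with %d, so it is worth checking that the field is an int.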
--
Alan Modra
Australia Development Lab, IBM
* Re: asan: buffer overflow in mmo_get_symbols
2021-12-17 5:43 asan: buffer overflow in mmo_get_symbols Alan Modra
@ 2021-12-17 22:44 ` Hans-Peter Nilsson
2021-12-18 0:13 ` Alan Modra
0 siblings, 1 reply; 3+ messages in thread
From: Hans-Peter Nilsson @ 2021-12-17 22:44 UTC (permalink / raw)
To: Alan Modra; +Cc: binutils
On Fri, 17 Dec 2021, Alan Modra via Binutils wrote:
> * mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.
Wonderful!
brgds, H-P
PS. What blob is the test-case? Is it one of those oss-fuzz thingies?
* Re: asan: buffer overflow in mmo_get_symbols
2021-12-17 22:44 ` Hans-Peter Nilsson
@ 2021-12-18 0:13 ` Alan Modra
0 siblings, 0 replies; 3+ messages in thread
From: Alan Modra @ 2021-12-18 0:13 UTC (permalink / raw)
To: Hans-Peter Nilsson; +Cc: binutils
On Fri, Dec 17, 2021 at 05:44:12PM -0500, Hans-Peter Nilsson wrote:
> On Fri, 17 Dec 2021, Alan Modra via Binutils wrote:
> > * mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.
>
> Wonderful!
>
> brgds, H-P
> PS. What blob is the test-case? Is it one of those oss-fuzz thingies?
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42442
--
Alan Modra
Australia Development Lab, IBM