public inbox for binutils@sourceware.org
* asan: buffer overflow in mmo_get_symbols
@ 2021-12-17  5:43 Alan Modra
  2021-12-17 22:44 ` Hans-Peter Nilsson
  0 siblings, 1 reply; 3+ messages in thread
From: Alan Modra @ 2021-12-17  5:43 UTC (permalink / raw)
  To: binutils

	* mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.

diff --git a/bfd/mmo.c b/bfd/mmo.c
index 2ee386662a4..d80cb06f746 100644
--- a/bfd/mmo.c
+++ b/bfd/mmo.c
@@ -1411,6 +1411,16 @@ SUBSECTION
 	    c = c2;
 	}
 
+      if (abfd->tdata.mmo_data->symbol_position
+	  >= abfd->tdata.mmo_data->max_symbol_length)
+	{
+	  _bfd_error_handler
+	    /* xgettext:c-format */
+	    (_("%pB: symbol name exceeds given max length of %d"),
+	     abfd, abfd->tdata.mmo_data->max_symbol_length);
+	  abfd->tdata.mmo_data->have_error = true;
+	  return false;
+	}
       abfd->tdata.mmo_data->lop_stab_symbol[abfd->tdata.mmo_data->symbol_position++] = c;
       abfd->tdata.mmo_data->lop_stab_symbol[abfd->tdata.mmo_data->symbol_position] = 0;
 
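Review bot: the new bound is only sufficient for the terminator store on the last changed-context line if the buffer has one spare byte. The check lets symbol_position be at most max_symbol_length - 1, so after the post-increment the write `lop_stab_symbol[symbol_position] = 0` can land at index max_symbol_length, which requires lop_stab_symbol to be allocated with at least max_symbol_length + 1 bytes. That allocation is not visible in this hunk; please confirm it, or state the size invariant in a comment above the check. Two smaller points: the message uses %d, so max_symbol_length needs to be an int (its declaration is not shown here), and a blank line after the closing brace would match the spacing before the block.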

-- 
Alan Modra
Australia Development Lab, IBM


* Re: asan: buffer overflow in mmo_get_symbols
  2021-12-17  5:43 asan: buffer overflow in mmo_get_symbols Alan Modra
@ 2021-12-17 22:44 ` Hans-Peter Nilsson
  2021-12-18  0:13   ` Alan Modra
  0 siblings, 1 reply; 3+ messages in thread
From: Hans-Peter Nilsson @ 2021-12-17 22:44 UTC (permalink / raw)
  To: Alan Modra; +Cc: binutils

On Fri, 17 Dec 2021, Alan Modra via Binutils wrote:
> 	* mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.

Wonderful!

brgds, H-P
PS. What blob is the test-case?  Is it one of those oss-fuzz thingies?


* Re: asan: buffer overflow in mmo_get_symbols
  2021-12-17 22:44 ` Hans-Peter Nilsson
@ 2021-12-18  0:13   ` Alan Modra
  0 siblings, 0 replies; 3+ messages in thread
From: Alan Modra @ 2021-12-18  0:13 UTC (permalink / raw)
  To: Hans-Peter Nilsson; +Cc: binutils

On Fri, Dec 17, 2021 at 05:44:12PM -0500, Hans-Peter Nilsson wrote:
> On Fri, 17 Dec 2021, Alan Modra via Binutils wrote:
> > 	* mmo.c (mmo_get_symbols): Error on symbol name exceeding max length.
> 
> Wonderful!
> 
> brgds, H-P
> PS. What blob is the test-case?  Is it one of those oss-fuzz thingies?

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42442

-- 
Alan Modra
Australia Development Lab, IBM
