Commit f76d7958 authored by Nick Clifton's avatar Nick Clifton

Fix potential buffer overrun in objcopy's note merging code.

	* objcopy.c (merge_gnu_build_notes): Allow for the possibility
	that the new notes might actually be larger than the original
	notes.
parent 73d5efd7
2019-11-21 Nick Clifton <nickc@redhat.com>
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
that the new notes might actually be larger than the original
notes.
2019-11-21 Alan Modra <amodra@gmail.com>
* testsuite/lib/binutils-common.exp (is_pecoff_format): Rewrite
......
......@@ -2460,7 +2460,9 @@ merge_gnu_build_notes (bfd * abfd,
bfd_vma prev_start = 0;
bfd_vma prev_end = 0;
new = new_contents = xmalloc (size);
/* Not sure how, but the notes might grow in size.
(eg see PR 1774507). Allow for this here. */
new = new_contents = xmalloc (size * 2);
for (pnote = pnotes, old = contents;
pnote < pnotes_end;
pnote ++)
......@@ -2527,8 +2529,11 @@ merge_gnu_build_notes (bfd * abfd,
#endif
new_size = new - new_contents;
memcpy (contents, new_contents, new_size);
size = new_size;
if (new_size < size)
{
memcpy (contents, new_contents, new_size);
size = new_size;
}
free (new_contents);
done:
......
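Review bot: The `xmalloc (size * 2)` in the first hunk is a guessed bound rather than a derived one: the added comment says the cause of the growth is unknown, and nothing in either hunk limits how far `new` can advance past `new_contents`. The copy loop body lies outside the hunks, so this is inferred, but if it writes without a bounds check, a note section that expands by more than a factor of two would still overrun the heap buffer before the new `if (new_size < size)` test is reached. I would either work out the worst-case expansion per note and state it in the comment, or have the loop stop and take the error path as soon as `new` would pass `new_contents + size * 2`. The multiplication `size * 2` should also be checked for wrap-around on a very large section. The comment's `PR 1774507` should name the bug tracker it refers to.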