blob: 2addf5139edf0e627da6572b013f3c12473eb000 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From 46322722ad40ac1a75672ae0f62f4969195f1368 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 20 Jan 2022 13:58:38 +1030
Subject: [PATCH] PR28753, buffer overflow in read_section_stabs_debugging_info
PR 28753
* rddbg.c (read_section_stabs_debugging_info): Don't read past
end of section when concatentating stab strings.
CVE: CVE-2021-46174
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97]
(cherry picked from commit 085b299b71721e15f5c5c5344dc3e4e4536dadba)
(cherry picked from commit cad4d6b91e97b6962807d33c04ed7e7797788438)
Signed-off-by: poojitha adireddy <pooadire@cisco.com>
---
binutils/rddbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/binutils/rddbg.c b/binutils/rddbg.c
index 72e934055b5..5e76d94a3c4 100644
--- a/binutils/rddbg.c
+++ b/binutils/rddbg.c
@@ -207,7 +207,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
an attempt to read the byte before 'strings' would occur. */
while ((len = strlen (s)) > 0
&& s[len - 1] == '\\'
- && stab + 12 < stabs + stabsize)
+ && stab + 16 <= stabs + stabsize)
{
char *p;
--
2.23.1
|