This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Fix memory access


Hi Guys,

  The upgrade to version 1.2.10 of ZLIB has exposed a bug in the BFD
  library's code to decompress section contents.  The code was lying
  to ZLIB about the size of the input buffer, and with the new, more
  efficient code in 1.2.10 this could result in an illegal memory
  access.

  I am applying the patch below to fix the problem.  Tested with no
  regressions on a large number of targets.

Cheers
  Nick

bfd/ChangeLog
2017-02-17  Nick Clifton  <nickc@redhat.com>

	* compress.c (bfd_get_full_section_contents): Remember to reduce
	compressed size by the sizeof the compression header when
	decompressing the contents.

diff --git a/bfd/compress.c b/bfd/compress.c
index 1ed7d74..f881c07 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
 	   SHF_COMPRESSED section.  */
 	compression_header_size = 12;
       if (!decompress_contents (compressed_buffer + compression_header_size,
-				sec->compressed_size, p, sz))
+				sec->compressed_size - compression_header_size, p, sz))
 	{
 	  bfd_set_error (bfd_error_bad_value);
 	  if (p != *ptr)
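
Review bot: The subtraction on the changed line, sec->compressed_size - compression_header_size, has no guard in the visible context for a section whose compressed_size is smaller than the header (12 bytes in the branch shown). If compressed_size is an unsigned type, the result wraps to a very large value and decompress_contents is again told about more input than the buffer holds. Suggest failing with bfd_error_bad_value before this call when sec->compressed_size < compression_header_size, unless a check outside the hunk already guarantees that. The new line also runs past 80 columns; moving "p, sz" to a continuation line would keep it within the usual width.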

