This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Commit: Fix potential buffer overrun in objdump note merging code
- From: Nick Clifton <nickc at redhat dot com>
- To: binutils at sourceware dot org
- Date: Thu, 21 Nov 2019 10:54:04 +0000
- Subject: Commit: Fix potential buffer overrun in objdump note merging code
Hi Guys,
I am applying the patch below to fix a potential buffer overrun bug in
the note merging code in objcopy.
Cheers
Nick
binutils/ChangeLog
2019-11-21 Nick Clifton <nickc@redhat.com>
* objcopy.c (merge_gnu_build_notes): Allow for the possibility
that the new notes might actually be larger than the original
notes.
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index f682fbeef4..6e614b17cf 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -2460,7 +2460,9 @@ merge_gnu_build_notes (bfd * abfd,
bfd_vma prev_start = 0;
bfd_vma prev_end = 0;
- new = new_contents = xmalloc (size);
+ /* Not sure how, but the notes might grow in size.
+ (eg see PR 1774507). Allow for this here. */
+ new = new_contents = xmalloc (size * 2);
for (pnote = pnotes, old = contents;
pnote < pnotes_end;
pnote ++)
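Review bot: The factor in `xmalloc (size * 2)` is a guess rather than a bound. The new comment itself says the cause of the growth is not known, and nothing in this hunk limits the writes made through `new` in the loop that follows to `size * 2` bytes. If the merged notes can exceed the original size for an unexplained reason, they may also exceed twice that size, and the heap overrun would move rather than disappear. I would either derive a worst-case output size from the number of notes in `pnotes` or check the space remaining in `new_contents` before each write and bail out to `done` when it runs out. The multiplication is also unchecked against wrap-around for a very large `size`. The comment's "PR 1774507" should also name the tracker it refers to, so the reference can be followed later.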
@@ -2527,8 +2529,11 @@ merge_gnu_build_notes (bfd * abfd,
#endif
new_size = new - new_contents;
- memcpy (contents, new_contents, new_size);
- size = new_size;
+ if (new_size < size)
+ {
+ memcpy (contents, new_contents, new_size);
+ size = new_size;
+ }
free (new_contents);
done:
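Review bot: The `if (new_size < size)` test only guards the copy back into `contents`; it runs after every write into `new_contents` has already happened, so it cannot catch an overrun of the temporary buffer itself. It also drops the merged result silently when the test fails: `contents` and `size` are left untouched with no diagnostic, so a user asking for merged notes gets unmerged output without being told. A non-fatal warning in an `else` branch would make that visible. The strict `<` additionally rejects the case `new_size == size`, where `memcpy (contents, new_contents, new_size)` would still fit; if that exclusion is deliberate (nothing was saved, so keep the original), a short comment saying so would help, otherwise `<=` looks like the intended comparison.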