PR27291, integer overflow in bfd_get_section_contents
Alan Modra
amodra@gmail.com
Thu Feb 11 01:32:28 GMT 2021
Makes the code a little more elegant too. Note that the unsigned
overflow reported here is well defined so this patch doesn't fix any
real problem.
PR 27291
* section.c (bfd_get_section_contents): Avoid possible overflow
when range checking offset and count.
(bfd_set_section_contents): Likewise.
diff --git a/bfd/section.c b/bfd/section.c
index 3e6ba0c0938..059b6fa2e57 100644
--- a/bfd/section.c
+++ b/bfd/section.c
@@ -1498,8 +1498,7 @@ bfd_set_section_contents (bfd *abfd,
sz = section->size;
if ((bfd_size_type) offset > sz
- || count > sz
- || offset + count > sz
+ || count > sz - offset
|| count != (size_t) count)
{
bfd_set_error (bfd_error_bad_value);
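Review bot: the new test "count > sz - offset" is only safe because the preceding "(bfd_size_type) offset > sz" clause has already short-circuited. If that ordering is ever changed, "sz - offset" can wrap to a huge value and the range check will pass for an out-of-range offset. A one-line comment above the condition stating that the subtraction depends on offset <= sz having been established first would protect this from a later reordering or refactor.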
@@ -1569,8 +1568,7 @@ bfd_get_section_contents (bfd *abfd,
else
sz = section->size;
if ((bfd_size_type) offset > sz
- || count > sz
- || offset + count > sz
+ || count > sz - offset
|| count != (size_t) count)
{
bfd_set_error (bfd_error_bad_value);
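Review bot: in the added line "count > sz - offset", offset is used uncast, while the first clause of the same condition compares it as "(bfd_size_type) offset". Writing the subtraction as "sz - (bfd_size_type) offset" would make both clauses operate on the same unsigned type explicitly, instead of relying on the implicit conversion in the subtraction. The same applies to the identical line in the bfd_set_section_contents hunk.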
--
Alan Modra
Australia Development Lab, IBM