File binutils-pr29482.diff of Package binutils.26690

PR29482 aka CVE-2022-38533

From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 13 Aug 2022 15:32:47 +0930
Subject: [PATCH 1/1] PR29482 - strip: heap-buffer-overflow

	PR 29482
	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
---
 bfd/coffcode.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Index: binutils-2.39/bfd/coffcode.h
===================================================================
--- binutils-2.39.orig/bfd/coffcode.h	2022-07-08 11:46:47.000000000 +0200
+++ binutils-2.39/bfd/coffcode.h	2022-08-26 15:23:58.749610670 +0200
@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
 
 	rec = (bfd_byte *) location;
 	recend = rec + count;
-	while (rec < recend)
+	while (recend - rec >= 4)
 	  {
+	    size_t len = bfd_get_32 (abfd, rec);
+	    if (len == 0 || len > (size_t) (recend - rec) / 4)
+	      break;
+	    rec += len * 4;
 	    ++section->lma;
-	    rec += bfd_get_32 (abfd, rec) * 4;
 	  }
 
 	BFD_ASSERT (rec == recend);
openSUSE Build Service is sponsored by