1From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 2From: Alan Modra <amodra@gmail.com> 3Date: Sat, 13 Aug 2022 15:32:47 +0930 4Subject: [PATCH] PR29482 - strip: heap-buffer-overflow 5 6 PR 29482 7 * coffcode.h (coff_set_section_contents): Sanity check _LIB. 8 9Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] 10 11Signed-off-by: Pgowda <pgowda.cve@gmail.com> 12 13--- 14 bfd/coffcode.h | 7 +++++-- 15 1 file changed, 5 insertions(+), 2 deletions(-) 16 17diff --git a/bfd/coffcode.h b/bfd/coffcode.h 18index 67aaf158ca1..52027981c3f 100644 19--- a/bfd/coffcode.h 20+++ b/bfd/coffcode.h 21@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, 22 23 rec = (bfd_byte *) location; 24 recend = rec + count; 25- while (rec < recend) 26+ while (recend - rec >= 4) 27 { 28+ size_t len = bfd_get_32 (abfd, rec); 29+ if (len == 0 || len > (size_t) (recend - rec) / 4) 30+ break; 31+ rec += len * 4; 32 ++section->lma; 33- rec += bfd_get_32 (abfd, rec) * 4; 34 } 35 36 BFD_ASSERT (rec == recend); 37