Commit: Fix potential buffer overrun in objdump note merging code

Message ID 87y2w9ijoz.fsf@redhat.com

Commit Message

Nick Clifton Nov. 21, 2019, 10:54 a.m.
Hi Guys,

  I am applying the patch below to fix a potential buffer overrun bug in
  the note merging code in objcopy.

Cheers
  Nick

binutils/ChangeLog
2019-11-21  Nick Clifton  <nickc@redhat.com>

	* objcopy.c (merge_gnu_build_notes): Allow for the possibility
	that the new notes might actually be larger than the original
	notes.

Patch

diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index f682fbeef4..6e614b17cf 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -2460,7 +2460,9 @@  merge_gnu_build_notes (bfd *          abfd,
   bfd_vma        prev_start = 0;
   bfd_vma        prev_end = 0;
 
-  new = new_contents = xmalloc (size);
+  /* Not sure how, but the notes might grow in size.
+     (eg see PR 1774507).  Allow for this here.  */
+  new = new_contents = xmalloc (size * 2);
   for (pnote = pnotes, old = contents;
        pnote < pnotes_end;
        pnote ++)
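Review bot: `xmalloc (size * 2)` on the replaced line is an unchecked guess at an upper bound, and the comment above it ("Not sure how, but the notes might grow") says as much; nothing in the loop that follows checks that `new` stays below `new_contents + size * 2`, so an input whose merged notes grow by more than a factor of two would still overrun the buffer. Either compute the worst-case output size before allocating, or keep a bound pointer and check it before each write into `new`. Two smaller points: `size * 2` can wrap for a very large `size`, so guard the multiplication (or check `size <= SIZE_MAX / 2`) before calling `xmalloc`; and the comment's "PR 1774507" does not say which tracker it refers to, so please spell that out (or give a URL) so the reference can be followed later.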
@@ -2527,8 +2529,11 @@  merge_gnu_build_notes (bfd *          abfd,
 #endif
   
   new_size = new - new_contents;
-  memcpy (contents, new_contents, new_size);
-  size = new_size;
+  if (new_size < size)
+    {
+      memcpy (contents, new_contents, new_size);
+      size = new_size;
+    }
   free (new_contents);
 
  done:
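Review bot: the new `if (new_size < size)` guard silently drops the merge result whenever it does not shrink the section: the `else` path leaves `contents` and `size` untouched with no diagnostic, so the caller cannot tell that merging was skipped. Please at least emit a warning on that path. The comparison should also be `<=` rather than `<`: a merged buffer of exactly `size` bytes fits in `contents` and is a valid result, yet is discarded as written. Finally, this check only protects the `memcpy` back into `contents`; it does not address the case where `new` already overran the `size * 2` allocation in the earlier loop, so the two hunks together still do not bound the write.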