PR27291, integer overflow in bfd_get_section_contents

Message ID 20210211013228.GO5348@bubble.grove.modra.org
State New

Commit Message

Alan Modra via Binutils Feb. 11, 2021, 1:32 a.m.
Makes the code a little more elegant too.  Note that the unsigned
overflow reported here is well defined so this patch doesn't fix any
real problem.

	PR 27291
	* section.c (bfd_get_section_contents): Avoid possible overflow
	when range checking offset and count.
	(bfd_set_section_contents): Likewise.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/section.c b/bfd/section.c
index 3e6ba0c0938..059b6fa2e57 100644
--- a/bfd/section.c
+++ b/bfd/section.c
@@ -1498,8 +1498,7 @@  bfd_set_section_contents (bfd *abfd,
 
   sz = section->size;
   if ((bfd_size_type) offset > sz
-      || count > sz
-      || offset + count > sz
+      || count > sz - offset
       || count != (size_t) count)
     {
       bfd_set_error (bfd_error_bad_value);
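Review bot: The new `count > sz - offset` test in bfd_set_section_contents is only safe because `(bfd_size_type) offset > sz` is evaluated first and short-circuits, and nothing in the code says so. A one-line comment stating that the subtraction cannot wrap once offset <= sz has been established would stop a later reordering of the conditions from reintroducing a wrap. The line above casts offset to bfd_size_type while the new line uses it uncast; writing `count > sz - (bfd_size_type) offset` would keep both comparisons in the same unsigned type and make the intent explicit.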
@@ -1569,8 +1568,7 @@  bfd_get_section_contents (bfd *abfd,
   else
     sz = section->size;
   if ((bfd_size_type) offset > sz
-      || count > sz
-      || offset + count > sz
+      || count > sz - offset
       || count != (size_t) count)
     {
       bfd_set_error (bfd_error_bad_value);
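Review bot: The range check in bfd_get_section_contents is now a line-for-line copy of the one in bfd_set_section_contents, so the two can drift apart on the next edit. Consider moving the three conditions (`(bfd_size_type) offset > sz`, `count > sz - offset`, `count != (size_t) count`) into a small static helper that takes sz, offset and count, which also gives one place to document the ordering requirement. Since sz is assigned in an `else` branch here, passing it in as a parameter keeps the helper independent of how each caller picks the size.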