asan: stack-buffer-overflow vms-lib.c:367

Message ID 20210505041613.GQ22624@bubble.grove.modra.org
State New

Commit Message

H.J. Lu via Binutils May 5, 2021, 4:16 a.m.
Fix a problem found by fuzzers.

	* vms-lib.c (vms_traverse_index): Account for vms_kbn size when
	sanity checking keylen.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c
index dc23df39199..55e61305bdf 100644
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -357,7 +357,7 @@  vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
 		    return false;
 		  kbn = (struct vms_kbn *)(kblk + koff);
 		  klen = bfd_getl16 (kbn->keylen);
-		  if (klen > sizeof (kblk) - koff)
+		  if (klen > sizeof (kblk) - sizeof (struct vms_kbn) - koff)
 		    return false;
 		  kvbn = bfd_getl32 (kbn->rfa.vbn);
 		  koff = bfd_getl16 (kbn->rfa.offset);
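Review bot: The new bound `sizeof (kblk) - sizeof (struct vms_kbn) - koff` is computed in size_t, so it wraps to a very large value whenever koff is greater than `sizeof (kblk) - sizeof (struct vms_kbn)`, and the klen check then passes for any 16-bit keylen. The `return false;` just above the `kbn = (struct vms_kbn *)(kblk + koff);` assignment suggests koff is tested first, but that condition is outside the visible context. Please confirm it rejects every koff above `sizeof (kblk) - sizeof (struct vms_kbn)` rather than only koff above `sizeof (kblk)`. If it does not, the same off-by-header gap fixed here remains on the koff side. A one-line comment that klen counts only the key bytes following the vms_kbn header would also make the reason for the extra subtraction obvious to the next reader.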