rpms / mingw-binutils

Clone
Source Code
GIT

Blame SOURCES/CVE-2022-38533.patch

c8 c8-beta c8s c9 c9-beta
  1.   ddc4e9638eaac3f5f6e641519eeacaea5190ecfd
  2.   SOURCES
  3.   CVE-2022-38533.patch
Blob History Raw
ddc4e9 
diff -rupN --no-dereference binutils-2.39/bfd/coffcode.h binutils-2.39-new/bfd/coffcode.h
ddc4e9 
--- binutils-2.39/bfd/coffcode.h	2022-07-08 11:46:47.000000000 +0200
ddc4e9 
+++ binutils-2.39-new/bfd/coffcode.h	2022-10-30 12:41:41.408023817 +0100
ddc4e9 
@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
ddc4e9
ddc4e9 
 	rec = (bfd_byte *) location;
ddc4e9 
 	recend = rec + count;
ddc4e9 
-	while (rec < recend)
ddc4e9 
+	while (recend - rec >= 4)
ddc4e9 
 	  {
ddc4e9 
+	    size_t len = bfd_get_32 (abfd, rec);
ddc4e9 
+	    if (len == 0 || len > (size_t) (recend - rec) / 4)
ddc4e9 
+	      break;
ddc4e9 
+	    rec += len * 4;
ddc4e9 
 	    ++section->lma;
ddc4e9 
-	    rec += bfd_get_32 (abfd, rec) * 4;
ddc4e9 
 	  }
ddc4e9
ddc4e9 
 	BFD_ASSERT (rec == recend);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation