Fix potential illegal memory access in ZLIB because of an erroneous declaration of the size of the input buffer.

* compress.c (bfd_get_full_section_contents): Remember to reduce compressed size by the sizeof the compression header when decompressing the contents.
author: Nick Clifton <nickc@redhat.com> 2017-02-17 11:39:20 +0000
committer: Nick Clifton <nickc@redhat.com> 2017-02-17 11:39:20 +0000
commit: 6438d1be9e9b6802a465c70c76b9cec7e23270f3 (patch)
tree: 57d80c28288951b635ad378facf05220671cf4fe
parent: 51547df62c155231530ca502c485659f3d2b66cb (diff)
download: binutils-gdb-6438d1be9e9b6802a465c70c76b9cec7e23270f3.tar.gz
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index be8bd680b07..3f3adc0e9f3 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-17  Nick Clifton  <nickc@redhat.com>
+
+	* compress.c (bfd_get_full_section_contents): Remember to reduce
+	compressed size by the sizeof the compression header when
+	decompressing the contents.
+
 2017-02-17  Pedro Alves  <palves@redhat.com>
 
 	* srec.c (Chunk): Rename to ...
diff --git a/bfd/compress.c b/bfd/compress.c
index 1ed7d74bf89..f881c074b85 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
 	   SHF_COMPRESSED section.  */
 	compression_header_size = 12;
       if (!decompress_contents (compressed_buffer + compression_header_size,
-				sec->compressed_size, p, sz))
+				sec->compressed_size - compression_header_size, p, sz))
 	{
 	  bfd_set_error (bfd_error_bad_value);
 	  if (p != *ptr)
author	Nick Clifton <nickc@redhat.com>	2017-02-17 11:39:20 +0000
committer	Nick Clifton <nickc@redhat.com>	2017-02-17 11:39:20 +0000
commit	6438d1be9e9b6802a465c70c76b9cec7e23270f3 (patch)
tree	57d80c28288951b635ad378facf05220671cf4fe
parent	51547df62c155231530ca502c485659f3d2b66cb (diff)
download	binutils-gdb-6438d1be9e9b6802a465c70c76b9cec7e23270f3.tar.gz