https://sourceware.org/bugzilla/show_bug.cgi?id=33548
--- Comment #5 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Nick Alcock <[email protected]>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54098e34724fef2ce77f142f81b3015f4a1774b1

commit 54098e34724fef2ce77f142f81b3015f4a1774b1
Author: Nick Alcock <[email protected]>
Date:   Mon Nov 3 17:15:32 2025 +0000

    libctf: allow ctf_arc_bufpreamble to fail

    The recent libctf fix for ctf_arc_bufpreamble missed a case: what if the
    input is exactly sizeof (ctf_archive_t) in size (which can happen if the
    archive has no members at all, so returning the preamble from one of the
    members is in any case impossible?). In this case it'll return an
    off-the-end pointer, and its caller will overrun. (This can also happen
    with fuzzed input which has a valid magic number.)

    Allow it to fail in this case, returning NULL, and adjust its sole
    caller. The caller's conclusions in this case will be wrong (it will
    conclude that the archive is connected to .symtab), but the incorrect
    conclusions are harmless because the lack of archive members will
    immediately cause a failure in ctf_arc_bufopen(), and an error return.

    Thanks to Alan Modra for the original fix this soups up.

    libctf/
    	PR libctf/33548
    	* ctf-archive.c (ctf_arc_bufpreamble): Fail if the archive is too
    	short (or empty, with no dicts to contain preambles), returning NULL.
    	* ctf-open-bfd.c (ctf_bfdopen_ctfsect): Handle a NULL return.

--
You are receiving this mail because:
You are on the CC list for the bug.

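The failure mode the commit describes (an archive buffer that is exactly header-sized, with a valid magic number and no members, so any "first member preamble" pointer lands one past the end) is a general pattern for container-in-a-buffer readers. The following is an added example, not libctf's code and not part of the commit or this bug: it uses a hypothetical archive layout (the `arc_header_t`, `member_preamble_t`, magic constants and offset-table format are all assumptions for illustration) and shows a reader that reports failure instead of forming an off-the-end pointer when the buffer is exactly header-sized with zero members, when it is truncated, or when a member offset does not leave room for a preamble. The sample buffers are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical archive layout for this example (NOT libctf's ctf_archive_t):
   a fixed header, then nmembers 32-bit offsets from the start of the buffer,
   each pointing at a member whose first bytes are a member_preamble_t. */
#define ARC_MAGIC      0x8b47f2a4u
#define PREAMBLE_MAGIC 0xdff2u

typedef struct arc_header {
    uint32_t magic;
    uint32_t nmembers;
} arc_header_t;

typedef struct member_preamble {
    uint16_t magic;
    uint8_t  version;
    uint8_t  flags;
} member_preamble_t;

/* Copy the first member's preamble into *out.  Returns 1 on success, 0 when
   the buffer is shorter than the header, has no members (the exactly
   sizeof(header) case from PR libctf/33548), or the first member's offset
   leaves no room for a preamble.  No pointer past buf+len is ever formed. */
int arc_first_preamble(const unsigned char *buf, size_t len,
                       member_preamble_t *out)
{
    arc_header_t hdr;
    uint32_t first;

    if (buf == NULL || len < sizeof hdr)
        return 0;
    memcpy(&hdr, buf, sizeof hdr);            /* memcpy: input may be unaligned */
    if (hdr.magic != ARC_MAGIC)
        return 0;
    if (hdr.nmembers == 0)                    /* nothing to take a preamble from */
        return 0;
    /* The offset table must fit; divide rather than multiply to avoid overflow. */
    if ((len - sizeof hdr) / sizeof(uint32_t) < hdr.nmembers)
        return 0;
    memcpy(&first, buf + sizeof hdr, sizeof first);
    /* The whole preamble must lie inside the buffer (subtract, never add). */
    if (first > len || len - first < sizeof *out)
        return 0;
    memcpy(out, buf + first, sizeof *out);
    return 1;
}

/* Constructed sample: valid magic, zero members, exactly header-sized. */
static size_t build_empty_archive(unsigned char *out, size_t cap)
{
    arc_header_t hdr = { ARC_MAGIC, 0 };
    if (cap < sizeof hdr)
        return 0;
    memcpy(out, &hdr, sizeof hdr);
    return sizeof hdr;
}

/* Constructed sample: header, a one-entry offset table, one member preamble. */
static size_t build_one_member_archive(unsigned char *out, size_t cap)
{
    arc_header_t hdr = { ARC_MAGIC, 1 };
    uint32_t off = (uint32_t)(sizeof hdr + sizeof(uint32_t));
    member_preamble_t pre = { PREAMBLE_MAGIC, 3, 0 };
    size_t total = off + sizeof pre;
    if (cap < total)
        return 0;
    memcpy(out, &hdr, sizeof hdr);
    memcpy(out + sizeof hdr, &off, sizeof off);
    memcpy(out + off, &pre, sizeof pre);
    return total;
}

/* Scenario helpers: each returns one checkable result. */
int empty_archive_rejected(void)
{
    unsigned char buf[64];
    member_preamble_t pre;
    size_t n = build_empty_archive(buf, sizeof buf);
    return n == sizeof(arc_header_t) && arc_first_preamble(buf, n, &pre) == 0;
}

int one_member_version(void)   /* version byte read back, or -1 on failure */
{
    unsigned char buf[64];
    member_preamble_t pre;
    size_t n = build_one_member_archive(buf, sizeof buf);
    if (!arc_first_preamble(buf, n, &pre) || pre.magic != PREAMBLE_MAGIC)
        return -1;
    return pre.version;
}

int truncated_archive_rejected(void)
{
    unsigned char buf[64];
    member_preamble_t pre;
    size_t n = build_one_member_archive(buf, sizeof buf);
    /* One byte short so the preamble no longer fits; and shorter than a header. */
    return arc_first_preamble(buf, n - 1, &pre) == 0
        && arc_first_preamble(buf, 3, &pre) == 0;
}

int main(void)
{
    printf("empty archive rejected: %d\n", empty_archive_rejected());
    printf("one-member preamble version: %d\n", one_member_version());
    printf("truncated archive rejected: %d\n", truncated_archive_rejected());
    return 0;
}
```

The design point mirrors the commit: a reader that returns a pointer into the buffer must have a way to say "there is nothing to point at", and every size comparison is done by subtracting from `len` rather than adding to an attacker-controlled offset, so a fuzzed header with a valid magic cannot push the check past the end.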