From 5481040197402be6dfee265bd2ff5a4c88e30505 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Ferreira?= Date: Thu, 23 Sep 2021 11:33:47 -0400 Subject: [PATCH] libiberty: prevent buffer overflow when decoding user input libiberty/ * d-demangle.c (dlang_symbol_backref): Ensure strlen of string is less than length computed by dlang_number. --- libiberty/d-demangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c index a2152cc6551..7ded3e2a256 100644 --- a/libiberty/d-demangle.c +++ b/libiberty/d-demangle.c @@ -381,7 +381,7 @@ dlang_symbol_backref (string *decl, const char *mangled, /* Must point to a simple identifier. */ backref = dlang_number (backref, &len); - if (backref == NULL) + if (backref == NULL || strlen(backref) < len) return NULL; backref = dlang_lname (decl, backref, len);
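Review bot: The ChangeLog entry states the opposite of what the new condition in dlang_symbol_backref does. The code returns NULL when `strlen(backref) < len`, so it ensures the remaining string is at least `len` bytes long before dlang_lname reads it, not "less than" the computed length. Please reword the entry to match the check. On the same added line, write `strlen (backref)` with a space before the parenthesis, as the neighbouring `dlang_number (backref, &len)` and `dlang_lname (decl, backref, len)` calls do. The diffstat shows only d-demangle.c changed, so a demangler testsuite entry with a back reference whose encoded length runs past the end of the mangled string should accompany the fix.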