An empty name param leads to read buffer overflow in function split_directories.
* libiberty/make-relative-prefix.c (split_directories): Return early on empty name. --- libiberty/ChangeLog | 7 +++++++ libiberty/make-relative-prefix.c | 3 +++ 2 files changed, 10 insertions(+) diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog index b516903d94..b7e24d11ef 100644 --- a/libiberty/ChangeLog +++ b/libiberty/ChangeLog @@ -1,3 +1,10 @@ +2019-11-28 Tim Ruehsen <[email protected]> + + Fix read buffer overflow in split_directories + + * make-relative-prefix.c (split_directories): + Return early on empty 'name' + 2019-11-16 Tim Ruehsen <[email protected]> Fix write buffer overflow in cplus_demangle() diff --git a/libiberty/make-relative-prefix.c b/libiberty/make-relative-prefix.c index ec0b0ee749..2ff2af8a59 100644 --- a/libiberty/make-relative-prefix.c +++ b/libiberty/make-relative-prefix.c @@ -122,6 +122,9 @@ split_directories (const char *name, int *ptr_num_dirs) const char *p, *q; int ch; + if (!*name) + return NULL; + /* Count the number of directories. Special case MSDOS disk names as part of the initial directory. */ p = name; -- 2.24.0
