authorAlan Modra <amodra@gmail.com>2021-05-15 14:48:48 +0930
committerAlan Modra <amodra@gmail.com>2021-05-15 14:54:05 +0930
commit37195e23e731744d2d61c97844e884634b592f77 (patch)
tree82de8ba02e9cf68c9be4cab1a00d70e043d16d66 /binutils
parentedba4e4abaf679d3ce4d61fcbfe77b2bebfd4537 (diff)
read_debug_line_header
This patch also better constrains the data read, and removes pointer UB. * dwarf.c (read_debug_line_header): Delete initial_length_size. Avoid pointer UB. Keep within length specified by header. Delete dead code.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/dwarf.c23
2 files changed, 11 insertions, 18 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 669cdbd..93a47cb 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
2021-05-15 Alan Modra <amodra@gmail.com>
+ * dwarf.c (read_debug_line_header): Delete initial_length_size.
+ Avoid pointer UB. Keep within length specified by header.
+ Delete dead code.
+
+2021-05-15 Alan Modra <amodra@gmail.com>
+
* dwarf.c (process_debug_info): Always do the first CU length
scan for sanity checks. Remove initial_length_size var and
instead calculate end_cu. Use end_cu to limit data reads.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index b7061a9..4f69dbb 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4053,7 +4053,6 @@ read_debug_line_header (struct dwarf_section * section,
unsigned char ** end_of_sequence)
{
unsigned char *hdrptr;
- unsigned int initial_length_size;
/* Extract information from the Line Number Program Header.
(section 6.2.4 in the Dwarf3 doc). */
@@ -4067,15 +4066,11 @@ read_debug_line_header (struct dwarf_section * section,
/* This section is 64-bit DWARF 3. */
SAFE_BYTE_GET_AND_INC (linfo->li_length, hdrptr, 8, end);
linfo->li_offset_size = 8;
- initial_length_size = 12;
}
else
- {
- linfo->li_offset_size = 4;
- initial_length_size = 4;
- }
+ linfo->li_offset_size = 4;
- if (linfo->li_length + initial_length_size > section->size)
+ if (linfo->li_length > (size_t) (end - hdrptr))
{
/* If the length field has a relocation against it, then we should
not complain if it is inaccurate (and probably negative). This
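Review bot: The new guard `if (linfo->li_length > (size_t) (end - hdrptr))` is only sound while `hdrptr <= end` at that point. If `SAFE_BYTE_GET_AND_INC` (defined outside this hunk) could leave `hdrptr` past `end` on a truncated section, the difference would be negative and the cast would turn it into a very large bound, so an oversized `li_length` would pass. Assuming the macro does clamp its increment, the invariant deserves a comment above the test, for example `/* hdrptr never passes end here, so end - hdrptr is the number of bytes left in the section. */`. The function starts before and continues after this hunk, so the earlier reads of the length field are not visible here.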
@@ -4085,7 +4080,7 @@ read_debug_line_header (struct dwarf_section * section,
is used to compute the correct length once that is done. */
if (reloc_at (section, (hdrptr - section->start) - linfo->li_offset_size))
{
- linfo->li_length = (end - data) - initial_length_size;
+ linfo->li_length = end - hdrptr;
}
else
{
@@ -4094,6 +4089,7 @@ read_debug_line_header (struct dwarf_section * section,
return NULL;
}
}
+ end = hdrptr + linfo->li_length;
/* Get and check the version number. */
SAFE_BYTE_GET_AND_INC (linfo->li_version, hdrptr, 2, end);
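Review bot: The added `end = hdrptr + linfo->li_length;` changes what `end` means for the rest of the function, from the section limit to the limit of this line table, and nothing at that line says so. Every later `SAFE_BYTE_GET_AND_INC (..., end)` now depends on this narrowing to keep header reads from running into the next unit, so a later edit that restores the section bound would silently widen them again. A comment on the assignment would protect it, for example `/* From here on END is the end of this line table, not of the section; li_length was checked or clamped above so this cannot exceed the section. */`. The function body continues outside this hunk.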
@@ -4144,16 +4140,7 @@ read_debug_line_header (struct dwarf_section * section,
SAFE_BYTE_GET_AND_INC (linfo->li_line_range, hdrptr, 1, end);
SAFE_BYTE_GET_AND_INC (linfo->li_opcode_base, hdrptr, 1, end);
- * end_of_sequence = data + linfo->li_length + initial_length_size;
- /* PR 17512: file:002-117414-0.004. */
- if (* end_of_sequence > end)
- {
- warn (_("Line length %s extends beyond end of section\n"),
- dwarf_vmatoa ("u", linfo->li_length));
- * end_of_sequence = end;
- return NULL;
- }
-
+ *end_of_sequence = end;
return hdrptr;
}
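Review bot: With the old PR 17512 block removed, `*end_of_sequence = end;` is the only visible write to the out-parameter, and it happens only on the success path. The `return NULL;` in the length check earlier in the function leaves `*end_of_sequence` untouched, whereas the deleted code set it before returning NULL. Callers are not shown on this page, so it is worth confirming that none of them reads `*end_of_sequence` after a NULL return. The function's header comment should state the contract, for example `/* On success *END_OF_SEQUENCE is the end of this line table; on a NULL return it is not written. */`.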