authorAlan Modra <amodra@gmail.com>2021-05-15 15:17:58 +0930
committerAlan Modra <amodra@gmail.com>2021-05-15 15:22:25 +0930
commitb4951546078b869ce2f720561a2c59cfe2d005c9 (patch)
tree1b8e499096386eaeb6d78b09a255a2f9f2966ba8 /binutils
parent669f463dbc700ab2694c960bb3e3f1083323f500 (diff)
display_debug_ranges
* dwarf.c (display_debug_ranges): Delete initial_length_size. Correct fallback size calculated on finding a reloc. Constrain data reads to length given in header. Avoid pointer UB.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/dwarf.c16
2 files changed, 12 insertions, 10 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index db5ed0f..9d646ed 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
2021-05-15 Alan Modra <amodra@gmail.com>
+ * dwarf.c (display_debug_ranges): Delete initial_length_size.
+ Correct fallback size calculated on finding a reloc. Constrain
+ data reads to length given in header. Avoid pointer UB.
+
+2021-05-15 Alan Modra <amodra@gmail.com>
+
* dwarf.c (display_debug_rnglists_list): Avoid pointer UB.
2021-05-15 Alan Modra <amodra@gmail.com>
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index c4b6edf..9243c85 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7691,7 +7691,6 @@ display_debug_ranges (struct dwarf_section *section,
if (is_rnglists)
{
dwarf_vma initial_length;
- unsigned int initial_length_size;
unsigned char segment_selector_size;
unsigned int offset_size, offset_entry_count;
unsigned short version;
@@ -7704,22 +7703,18 @@ display_debug_ranges (struct dwarf_section *section,
/* This section is 64-bit DWARF 3. */
SAFE_BYTE_GET_AND_INC (initial_length, start, 8, finish);
offset_size = 8;
- initial_length_size = 12;
}
else
- {
- offset_size = 4;
- initial_length_size = 4;
- }
+ offset_size = 4;
- if (initial_length + initial_length_size > section->size)
+ if (initial_length > (size_t) (finish - start))
{
/* If the length field has a relocation against it, then we should
not complain if it is inaccurate (and probably negative).
It is copied from .debug_line handling code. */
if (reloc_at (section, (start - section->start) - offset_size))
{
- initial_length = (finish - start) - initial_length_size;
+ initial_length = finish - start;
}
else
{
@@ -7728,6 +7723,7 @@ display_debug_ranges (struct dwarf_section *section,
return 0;
}
}
+ finish = start + initial_length;
/* Get and check the version number. */
SAFE_BYTE_GET_AND_INC (version, start, 2, finish);
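Review bot: Narrowing `finish` to `start + initial_length` here also changes every later use of `finish` in display_debug_ranges, including the range-entry offset check further down (`offset > (size_t) (finish - section_begin)`). If a .debug_rnglists section holds more than one unit, offsets that point into a later unit would presumably now be reported as corrupt rather than displayed; the rest of the function is outside this hunk, so this needs confirming. Keeping the section end untouched and using a separate bound for the header reads, e.g. `unsigned char *unit_end = start + initial_length;`, would constrain those reads without shrinking the limit used for offset validation. If the narrowing is intended for the whole function, a comment such as `/* From here on FINISH is the end of this unit, not of the section.  */` would make that explicit.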
@@ -7833,7 +7829,6 @@ display_debug_ranges (struct dwarf_section *section,
pointer_size = (is_rnglists ? address_size : debug_info_p->pointer_size);
offset = range_entry->ranges_offset;
- next = section_begin + offset;
base_address = debug_info_p->base_address;
/* PR 17512: file: 001-101485-0.001:0.1. */
@@ -7844,12 +7839,13 @@ display_debug_ranges (struct dwarf_section *section,
continue;
}
- if (next < section_begin || next >= finish)
+ if (offset > (size_t) (finish - section_begin))
{
warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"),
(unsigned long) offset, i);
continue;
}
+ next = section_begin + offset;
/* If multiple DWARF entities reference the same range then we will
have multiple entries in the `range_entries' list for the same
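Review bot: The rewritten bounds check accepts an offset equal to `finish - section_begin`, which the removed test `next >= finish` rejected, so a range entry pointing exactly at the end of the data no longer triggers the "Corrupt offset" warning. `next` then becomes a one-past-the-end pointer; that is valid to form, and later reads appear to be bounded by `finish`, but the entry would be processed with no data behind it. If that is not intended, `if (offset >= (size_t) (finish - section_begin))` keeps the old boundary while still validating the offset before any pointer arithmetic. The function continues beyond this hunk, so how `next` is consumed is not visible here.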