path: root/gdb/gdbserver/regcache.c
author Sandra Loosemore <sandra@codesourcery.com> 2019-04-25 07:27:02 -0700
committer Sandra Loosemore <sandra@codesourcery.com> 2019-04-25 07:27:02 -0700
commit 723adb650a31859d7cc45832cb8adca0206455ed
tree 7901cb38a9a47bfdf79e1165887414f8ca46f8c8 /gdb/gdbserver/regcache.c
parent 68bb0359eec3093560929b8ad2b3f5d30e7a7e1d
Detect invalid length field in debug frame FDE header.

GDB was failing to catch cases where a corrupt ELF or core file contained an invalid length value in a Dwarf debug frame FDE header. It was checking for buffer overflow but not cases where the length was negative or caused pointer wrap-around.

In addition to the additional validity check, this patch cleans up the multiple signed/unsigned conversions on the length field so that an unsigned representation is used consistently throughout.

This patch fixes CVE-2017-9778 and PR gdb/21600.

2019-04-25  Sandra Loosemore  <sandra@codesourcery.com>
            Kang Li  <kanglictf@gmail.com>

    PR gdb/21600
    * dwarf2-frame.c (read_initial_length): Be consistent about using unsigned representation of length.
    (decode_frame_entry_1): Likewise. Check for wraparound of end pointer as well as buffer overflow.

Diffstat (limited to 'gdb/gdbserver/regcache.c')
0 files changed, 0 insertions, 0 deletions
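
The check described in the commit message, as an added example that is not GDB's code and not part of this commit: an overflow-only bounds test accepts a length that wraps the end address back into the buffer, while comparing the length against the remaining bytes rejects it. All function names, addresses and field values are constructed for illustration, and addresses are modelled as `uintptr_t` so the wrap-around is defined arithmetic.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration with hypothetical names, not GDB source.  Addresses are
   modelled as uintptr_t so wrap-around is defined unsigned arithmetic.  */

/* A 32-bit length field that passed through a signed type before being
   widened: values with the top bit set become huge unsigned lengths.  */
uint64_t widen_via_signed(uint32_t raw)
{
    return (raw & 0x80000000u) ? (raw | 0xFFFFFFFF00000000ull) : raw;
}

/* Overflow-only check: form the end address, then compare with the buffer
   end.  The addition can wrap past zero and land back inside the buffer.  */
int fits_overflow_only(uintptr_t entry, uint64_t length, uintptr_t buf_end)
{
    uintptr_t end = entry + (uintptr_t)length;   /* may wrap */
    return end <= buf_end;
}

/* Wrap-safe check: compare the length with the bytes that remain, so no
   end address is computed from untrusted input.  */
int fits_checked(uintptr_t buf_start, uintptr_t entry, uint64_t length,
                 uintptr_t buf_end)
{
    if (entry < buf_start || entry > buf_end)
        return 0;
    return length <= (uint64_t)(buf_end - entry);
}

int main(void)
{
    /* Constructed values: a 0x1000-byte section with an entry at 0x1800.  */
    uintptr_t start = 0x1000, entry = 0x1800, end = 0x2000;
    uint32_t fields[] = { 0x100u, 0x900u, 0xfffffff0u };
    for (int i = 0; i < 3; i++) {
        uint64_t len = widen_via_signed(fields[i]);
        printf("field 0x%08x: overflow-only=%d checked=%d\n", (unsigned)fields[i],
               fits_overflow_only(entry, len, end),
               fits_checked(start, entry, len, end));
    }
    return 0;
}
```
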