From 9f1c612b7c1bb2d3035ca9416e5f09d844620e89 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 11 Apr 2023 16:14:23 +0100 Subject: Fix an attempt to allocate an excessive amount of memory when parsing a corrupt DWARF file. PR 30313 * dwarf.c (display_debug_lines_decoded): Check for an overlarge number of files or directories. --- binutils/ChangeLog | 4 ++++ binutils/dwarf.c | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 285b90c..59ab08a 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,9 @@ 2023-04-11 Nick Clifton + PR 30313 + * dwarf.c (display_debug_lines_decoded): Check for an overlarge + number of files or directories. + PR 30312 * dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry. diff --git a/binutils/dwarf.c b/binutils/dwarf.c index ab0a3ca..f6ff238 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -4997,6 +4997,12 @@ display_debug_lines_decoded (struct dwarf_section * section, if (n_directories == 0) directory_table = NULL; + else if (n_directories > section->size) + { + warn (_("number of directories (0x%x) exceeds size of section %s\n"), + n_directories, section->name); + return 0; + } else directory_table = (char **) xcalloc (n_directories, sizeof (unsigned char *)); @@ -5055,6 +5061,7 @@ display_debug_lines_decoded (struct dwarf_section * section, if (do_checks && format_count > 5) warn (_("Unexpectedly large number of columns in the file name table (%u)\n"), format_count); + format_start = data; for (formati = 0; formati < format_count; formati++) { @@ -5071,6 +5078,12 @@ display_debug_lines_decoded (struct dwarf_section * section, if (n_files == 0) file_table = NULL; + else if (n_files > section->size) + { + warn (_("number of files (0x%x) exceeds size of section %s\n"), + n_files, section->name); + return 0; + } else file_table = (File_Entry *) xcalloc (n_files, sizeof (File_Entry)); -- cgit v1.1