From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 17 Apr 2018 12:35:55 +0100
Subject: Fix illegal memory access when parsing corrupt DWARF information.

	PR 23064
	* dwarf.c (process_cu_tu_index): Test for a potential buffer
	overrun before copying signature pointer.
---
 binutils/dwarf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'binutils/dwarf.c')

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 10b4e28..f94f5b2 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -9287,7 +9287,18 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 		}
 
 	      if (!do_display)
-		memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
+		{
+		  size_t num_copy = sizeof (uint64_t);
+
+		  /* PR 23064: Beware of buffer overflow.  */
+		  if (ph + num_copy < limit)
+		    memcpy (&this_set[row - 1].signature, ph, num_copy);
+		  else
+		    {
+		      warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
+		      return 0;
+		    }
+		}
 
 	      prow = poffsets + (row - 1) * ncols * 4;
 	      /* PR 17531: file: b8ce60a8.  */
-- 
cgit v1.1