asan: heap buffer overflow in dwarf2_directive_filename

Seen with .file 4294967289 "xxx.c" * dwarf2dbg.c (assign_file_to_slot): Catch more cases of integer overflow. Make param i an unsigned int.
author: Alan Modra <amodra@gmail.com> 2022-06-01 17:44:41 +0930
committer: Alan Modra <amodra@gmail.com> 2022-06-02 15:54:14 +0930
commit: 6f87d3fd27417e5adb2aa6f106a614296425df57 (patch)
tree: b67ebd777ac291eb661c03e3e96c8015c6604c17 /gas/dwarf2dbg.c
parent: b3abcebcae6e648086147637bcba09c217c8bd9a (diff)
download: gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.zip
gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.tar.gz
gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.tar.bz2
1 files changed, 5 insertions, 3 deletions
diff --git a/gas/dwarf2dbg.c b/gas/dwarf2dbg.c
index 185d57c..b4b2529 100644
--- a/gas/dwarf2dbg.c
+++ b/gas/dwarf2dbg.c
@@ -679,7 +679,7 @@ get_directory_table_entry (const char *dirname,
 }
 
 static bool
-assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
+assign_file_to_slot (unsigned int i, const char *file, unsigned int dir)
 {
   if (i >= files_allocated)
     {
@@ -687,9 +687,11 @@ assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
 
       files_allocated = i + 32;
       /* Catch wraparound.  */
-      if (files_allocated <= old)
+      if (files_allocated < old
+	  || files_allocated < i
+	  || files_allocated > UINT_MAX / sizeof (struct file_entry))
 	{
-	  as_bad (_("file number %lu is too big"), (unsigned long) i);
+	  as_bad (_("file number %u is too big"), i);
 	  return false;
 	}
author	Alan Modra <amodra@gmail.com>	2022-06-01 17:44:41 +0930
committer	Alan Modra <amodra@gmail.com>	2022-06-02 15:54:14 +0930
commit	6f87d3fd27417e5adb2aa6f106a614296425df57 (patch)
tree	b67ebd777ac291eb661c03e3e96c8015c6604c17 /gas/dwarf2dbg.c
parent	b3abcebcae6e648086147637bcba09c217c8bd9a (diff)
download	gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.zip gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.tar.gz gdb-6f87d3fd27417e5adb2aa6f106a614296425df57.tar.bz2