authorNick Clifton <nickc@redhat.com>2021-07-02 14:56:36 +0100
committerNick Clifton <nickc@redhat.com>2021-07-02 14:56:36 +0100
commit49910fd88dcd2ec3d0d9e56120ceb56a6a64b7b8 (patch)
tree6669ddf9c3ef564225245f664ebbe3130e9751c2
parent4ff0bb2df5e0ce6dc30b8dd2a0d4174649d0dcfe (diff)
Fix an illegal memory access triggered by an attempt to parse a corrupt input file.
PR 28046 * dwarf2.c (read_ranges): Check that range_ptr does not exceed range_end.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/dwarf2.c5
2 files changed, 10 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index abb9e09..1c4c176 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-07-02 Nick Clifton <nickc@redhat.com>
+
+ PR 28046
+ * dwarf2.c (read_ranges): Check that range_ptr does not exceed
+ range_end.
+
2021-06-30 YunQiang Su <yunqiang.su@cipunited.com>
PR mips/28009
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 79fcd06..1247f95 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -909,7 +909,8 @@ read_address (struct comp_unit *unit, bfd_byte **ptr, bfd_byte *buf_end)
if (bfd_get_flavour (unit->abfd) == bfd_target_elf_flavour)
signed_vma = get_elf_backend_data (unit->abfd)->sign_extend_vma;
- if (unit->addr_size > (size_t) (buf_end - buf))
+ if (unit->addr_size > (size_t) (buf_end - buf)
+ || (buf > buf_end))
{
*ptr = buf_end;
return 0;
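Review bot: In read_address the new `(buf > buf_end)` test is evaluated after `(size_t) (buf_end - buf)`, so on corrupt input the subtraction still runs on a negative distance, and the guard works only because the cast wraps to a huge value that makes the first comparison false. Putting the ordering test first states the intent and limits the subtraction to the non-negative case: `if (buf > buf_end || unit->addr_size > (size_t) (buf_end - buf))`. A short comment such as `/* BUF may already be past BUF_END on corrupt input. */` would record why the extra test exists. The function starts and ends outside the hunk.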
@@ -3097,6 +3098,8 @@ read_ranges (struct comp_unit *unit, struct arange *arange,
if (ranges_ptr < unit->file->dwarf_ranges_buffer)
return false;
ranges_end = unit->file->dwarf_ranges_buffer + unit->file->dwarf_ranges_size;
+ if (ranges_ptr >= ranges_end)
+ return false;
for (;;)
{
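Review bot: The added `ranges_ptr >= ranges_end` test in read_ranges only guarantees that one byte remains, while the loop that follows presumably reads whole address pairs; the loop body is outside the hunk, so the per-read bound appears to rest on the check in read_address. Both this test and the `ranges_ptr < unit->file->dwarf_ranges_buffer` test above it compare a pointer that has already been formed. If that pointer is built from a file-supplied offset (not visible here), comparing the offset against `unit->file->dwarf_ranges_size` before the addition would avoid forming an out-of-range pointer at all. A comment on the new lines, e.g. `/* Corrupt input: start offset is at or beyond the end of the ranges buffer. */`, would help the next reader.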