author | Alan Modra <amodra@gmail.com> | 2023-04-18 10:20:08 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2023-04-18 10:24:40 +0930 |
commit | 34d63622f677b577b927debb1d6fd2bfef4422bd (patch) | |
tree | 5063f3cfeb5daa8942c94b81329fe9739fb50429 /binutils/dwarf.c | |
parent | a0fc6845a9506314524f1ad142c529bc3011568b (diff) | |
objdump buffer overflow in fetch_indexed_string
PR 30361
* dwarf.c (fetch_indexed_string): Sanity check string index.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r-- | binutils/dwarf.c | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 87ce154..86893c5 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -659,14 +659,13 @@ fetch_indexed_string (uint64_t idx,
 return (dwo ? _("<no .debug_str.dwo section>") : _("<no .debug_str section>"));
- index_offset = idx * offset_size;
-
- if (this_set != NULL)
- index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
-
- index_offset += str_offsets_base;
-
- if (index_offset + offset_size > index_section->size)
+ if (_mul_overflow (idx, offset_size, &index_offset)
+ || (this_set != NULL
+ && ((index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS])
+ < this_set->section_offsets [DW_SECT_STR_OFFSETS]))
+ || (index_offset += str_offsets_base) < str_offsets_base
+ || index_offset + offset_size < offset_size
+ || index_offset + offset_size > index_section->size)
 { warn (_("string index of %" PRIu64 " converts to an offset of %#" PRIx64 " which is too big for section %s"),
@@ -675,11 +674,6 @@ fetch_indexed_string (uint64_t idx,
 return _("<string index too big>"); }
- /* FIXME: If we are being paranoid then we should also check to see if
- IDX references an entry beyond the end of the string table pointed to
- by STR_OFFSETS_BASE. (Since there can be more than one string table
- in a DWARF string section). */
-
 str_offset = byte_get (index_section->start + index_offset, offset_size); str_offset -= str_section->address; |
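Review bot: The new condition bounds `index_offset` only against `index_section->size`, so an `idx` that runs past the end of the offsets table selected by `str_offsets_base` but still lands inside the section passes it and reaches `byte_get`; that is the case the FIXME deleted in the second hunk described, and nothing in the visible lines covers it. The read itself stays inside the section, so as far as these lines show this is a wrong-entry problem rather than an out-of-bounds one, but I would keep a short comment above the `if` instead of dropping the note, for example `/* Rejects offsets outside the section, including wrap-around; does not check IDX against the end of this unit's offsets table.  */`. The wrap tests also depend on `index_offset` and the added terms being unsigned, and their declarations are outside the hunk, so that should be confirmed. The `warn` call prints `index_offset` as left by whichever sub-expression failed, which may be a partial or wrapped value rather than the final offset. fetch_indexed_string starts and ends outside the hunk.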