diff options
| author | Alan Modra <amodra@gmail.com> | 2023-08-22 11:41:37 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-08-22 11:41:37 +0930 |
| commit | 8032f75b2994816e87e9d2ab7c46ad86601c999b (patch) | |
| tree | 2f48d92005fd089aa183e48df2dab5a2f7ea0ac8 /binutils | |
| parent | 5bf26ab7cb82c2e6308b269af44b989a51ee7903 (diff) | |
| download | binutils-8032f75b2994816e87e9d2ab7c46ad86601c999b.zip binutils-8032f75b2994816e87e9d2ab7c46ad86601c999b.tar.gz binutils-8032f75b2994816e87e9d2ab7c46ad86601c999b.tar.bz2 | |
objdump: file name table entry count check
Fuzzers have found that objdump -W takes a really long time if
the entry count uleb is ridiculously large, and format attributes
don't consume data (which doesn't make sense for a table of names).
* dwarf.c (display_formatted_table): Sanity check count of
table entries.
Diffstat (limited to 'binutils')
| -rw-r--r-- | binutils/dwarf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 4f695bf..3ebc45a 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -4313,10 +4313,10 @@ display_formatted_table (unsigned char *data, printf (_("\n The %s is empty.\n"), table_name); return data; } - else if (data >= end) + else if (data >= end + || data_count > (size_t) (end - data)) { - warn (_("%s: Corrupt entry count - expected %#" PRIx64 - " but none found\n"), table_name, data_count); + warn (_("%s: Corrupt entry count %#" PRIx64 "\n"), table_name, data_count); return data; } |