diff options
author | Nick Clifton <nickc@redhat.com> | 2023-04-11 16:14:23 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2023-04-11 16:14:23 +0100 |
commit | 9f1c612b7c1bb2d3035ca9416e5f09d844620e89 (patch) | |
tree | 1d680845a22fa5224d0ef533792a9f550505f1e3 /binutils | |
parent | 688fe114cd80e410dbed08064eaaedf5584d31cf (diff) | |
download | binutils-9f1c612b7c1bb2d3035ca9416e5f09d844620e89.zip binutils-9f1c612b7c1bb2d3035ca9416e5f09d844620e89.tar.gz binutils-9f1c612b7c1bb2d3035ca9416e5f09d844620e89.tar.bz2 |
Fix an attempt to allocate an excessive amount of memory when parsing a corrupt DWARF file.
PR 30313
* dwarf.c (display_debug_lines_decoded): Check for an overlarge number of files or directories.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 4 | ||||
-rw-r--r-- | binutils/dwarf.c | 13 |
2 files changed, 17 insertions, 0 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 285b90c..59ab08a 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,9 @@ 2023-04-11 Nick Clifton <nickc@redhat.com> + PR 30313 + * dwarf.c (display_debug_lines_decoded): Check for an overlarge + number of files or directories. + PR 30312 * dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry. diff --git a/binutils/dwarf.c b/binutils/dwarf.c index ab0a3ca..f6ff238 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -4997,6 +4997,12 @@ display_debug_lines_decoded (struct dwarf_section * section, if (n_directories == 0) directory_table = NULL; + else if (n_directories > section->size) + { + warn (_("number of directories (0x%x) exceeds size of section %s\n"), + n_directories, section->name); + return 0; + } else directory_table = (char **) xcalloc (n_directories, sizeof (unsigned char *)); @@ -5055,6 +5061,7 @@ display_debug_lines_decoded (struct dwarf_section * section, if (do_checks && format_count > 5) warn (_("Unexpectedly large number of columns in the file name table (%u)\n"), format_count); + format_start = data; for (formati = 0; formati < format_count; formati++) { @@ -5071,6 +5078,12 @@ display_debug_lines_decoded (struct dwarf_section * section, if (n_files == 0) file_table = NULL; + else if (n_files > section->size) + { + warn (_("number of files (0x%x) exceeds size of section %s\n"), + n_files, section->name); + return 0; + } else file_table = (File_Entry *) xcalloc (n_files, sizeof (File_Entry)); |