author: Tom de Vries <tdevries@suse.de> 2025-05-02 22:21:36 +0200
committer: Tom de Vries <tdevries@suse.de> 2025-05-02 22:21:36 +0200
commit: 6ec31a457e953f4dbcdb7740d6dda676cdfb2a73
tree: c02b14e35e183794948394ffe1c59896fd62351f /zlib/contrib/delphi/ZLibConst.pas
parent: fdaf750f3271e45a2ca4b381e8e8d4058abbb58a
[gdb/symtab] Throw DWARF error on out-of-bounds DW_FORM_strx
With the test-case contained in the patch, and gdb built with
-fsanitize=address we get:
...
==23678==ERROR: AddressSanitizer: heap-buffer-overflow ...^M
READ of size 1 at 0x6020000c30dc thread T3^[[1m^[[0m^M
ptype global_var^M
    #0 0x2c6a40b in bfd_getl32 bfd/libbfd.c:846^M
    #1 0x168f96c in read_str_index gdb/dwarf2/read.c:15349^M
...

The executable contains an out-of-bounds DW_FORM_strx attribute:
...
$ readelf -wi $exec
 <2eb>   DW_AT_name        :readelf: Warning: string index of 1 converts to \
  an offset of 0xc which is too big for section .debug_str
 (indexed string: 0x1): <string index too big>
...
and read_str_index doesn't check for this:
...
  info_ptr = (str_offsets_section->buffer
              + str_offsets_base
              + str_index * offset_size);
  if (offset_size == 4)
    str_offset = bfd_get_32 (abfd, info_ptr);
...
and consequently reads out-of-bounds.

Fix this in read_str_index by checking for the out-of-bounds condition and
throwing a DWARF error:
...
(gdb) ptype global_var
DWARF Error: Offset from DW_FORM_GNU_str_index or DW_FORM_strx pointing \
  outside of .debug_str_offsets section in CU at offset 0x2d7 \
  [in module dw-form-strx-out-of-bounds]
No symbol "global_var" in current context.
(gdb)
...

Tested on x86_64-linux.

Approved-By: Tom Tromey <tom@tromey.com>
Diffstat (limited to 'zlib/contrib/delphi/ZLibConst.pas')
0 files changed, 0 insertions, 0 deletions
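
The kind of bounds check the commit message describes, as an added example that is not gdb's code and not part of the commit: a stand-alone C reader for a .debug_str_offsets-style table that rejects an index whose entry falls outside the section. The struct, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a loaded .debug_str_offsets section. */
struct section { const uint8_t *buffer; size_t size; };

/* Little-endian load of n bytes; the caller has already bounds-checked. */
static uint64_t load_le(const uint8_t *p, unsigned n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* Store the string offset for str_index and return 0, or return -1 if
   the entry lies outside the section. */
int read_str_offset(const struct section *s, uint64_t base,
                    uint64_t str_index, unsigned offset_size, uint64_t *out)
{
    if ((offset_size != 4 && offset_size != 8) || base > s->size)
        return -1;
    /* Whole entries available after base; dividing instead of multiplying
       means a huge str_index cannot wrap the computed offset. */
    uint64_t avail = (s->size - base) / offset_size;
    if (str_index >= avail)
        return -1;
    *out = load_le(s->buffer + base + str_index * offset_size, offset_size);
    return 0;
}

/* Constructed sample: 8-byte header, then a single 4-byte entry (0x10). */
static const uint8_t sample[] = { 8,0,0,0, 5,0, 0,0, 0x10,0,0,0 };

int main(void)
{
    struct section s = { sample, sizeof sample };
    for (uint64_t i = 0; i < 3; i++) {
        uint64_t off;
        if (read_str_offset(&s, 8, i, 4, &off) == 0)
            printf("index %llu -> string offset 0x%llx\n",
                   (unsigned long long)i, (unsigned long long)off);
        else
            printf("index %llu -> error: entry outside section\n",
                   (unsigned long long)i);
    }
    return 0;
}
```

With a base of 8 and 4-byte entries, index 1 selects byte offset 0xc, one past the end of the 12-byte sample, so the reader returns an error instead of loading from it.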