From 37195e23e731744d2d61c97844e884634b592f77 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Sat, 15 May 2021 14:48:48 +0930 Subject: read_debug_line_header This patch also better constrains the data read, and removes pointer UB. * dwarf.c (read_debug_line_header): Delete initial_length_size. Avoid pointer UB. Keep within length specified by header. Delete dead code. --- binutils/ChangeLog | 6 ++++++ binutils/dwarf.c | 23 +++++------------------ 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 669cdbd..93a47cb 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,11 @@ 2021-05-15 Alan Modra + * dwarf.c (read_debug_line_header): Delete initial_length_size. + Avoid pointer UB. Keep within length specified by header. + Delete dead code. + +2021-05-15 Alan Modra + * dwarf.c (process_debug_info): Always do the first CU length scan for sanity checks. Remove initial_length_size var and instead calculate end_cu. Use end_cu to limit data reads. diff --git a/binutils/dwarf.c b/binutils/dwarf.c index b7061a9..4f69dbb 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -4053,7 +4053,6 @@ read_debug_line_header (struct dwarf_section * section, unsigned char ** end_of_sequence) { unsigned char *hdrptr; - unsigned int initial_length_size; /* Extract information from the Line Number Program Header. (section 6.2.4 in the Dwarf3 doc). */ @@ -4067,15 +4066,11 @@ read_debug_line_header (struct dwarf_section * section, /* This section is 64-bit DWARF 3. */ SAFE_BYTE_GET_AND_INC (linfo->li_length, hdrptr, 8, end); linfo->li_offset_size = 8; - initial_length_size = 12; } else - { - linfo->li_offset_size = 4; - initial_length_size = 4; - } + linfo->li_offset_size = 4; - if (linfo->li_length + initial_length_size > section->size) + if (linfo->li_length > (size_t) (end - hdrptr)) { /* If the length field has a relocation against it, then we should not complain if it is inaccurate (and probably negative). This @@ -4085,7 +4080,7 @@ read_debug_line_header (struct dwarf_section * section, is used to compute the correct length once that is done. */ if (reloc_at (section, (hdrptr - section->start) - linfo->li_offset_size)) { - linfo->li_length = (end - data) - initial_length_size; + linfo->li_length = end - hdrptr; } else { @@ -4094,6 +4089,7 @@ read_debug_line_header (struct dwarf_section * section, return NULL; } } + end = hdrptr + linfo->li_length; /* Get and check the version number. */ SAFE_BYTE_GET_AND_INC (linfo->li_version, hdrptr, 2, end); @@ -4144,16 +4140,7 @@ read_debug_line_header (struct dwarf_section * section, SAFE_BYTE_GET_AND_INC (linfo->li_line_range, hdrptr, 1, end); SAFE_BYTE_GET_AND_INC (linfo->li_opcode_base, hdrptr, 1, end); - * end_of_sequence = data + linfo->li_length + initial_length_size; - /* PR 17512: file:002-117414-0.004. */ - if (* end_of_sequence > end) - { - warn (_("Line length %s extends beyond end of section\n"), - dwarf_vmatoa ("u", linfo->li_length)); - * end_of_sequence = end; - return NULL; - } - + *end_of_sequence = end; return hdrptr; } -- cgit v1.1