diff options
author | Alan Modra <amodra@gmail.com> | 2021-02-16 19:27:24 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-02-16 19:31:15 +1030 |
commit | 7b54caddca1013d10219da097e08d4cd4db6b923 (patch) | |
tree | e1c7f2bd1501e8df4a0b7a9b0b8f427ba1f9ebbb | |
parent | 9a12b194b0e9d1bde34aca175a2a7dead2fae7a9 (diff) | |
download | gdb-7b54caddca1013d10219da097e08d4cd4db6b923.zip gdb-7b54caddca1013d10219da097e08d4cd4db6b923.tar.gz gdb-7b54caddca1013d10219da097e08d4cd4db6b923.tar.bz2 |
ubsan: shift exponent is too large
* libbfd.c (_bfd_read_unsigned_leb128): Avoid excessive shift.
(_bfd_safe_read_leb128, _bfd_read_signed_leb128): Likewise.
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/libbfd.c | 23 |
2 files changed, 20 insertions, 8 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index e3f8778..e2e9256 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2021-02-16 Alan Modra <amodra@gmail.com> + + * libbfd.c (_bfd_read_unsigned_leb128): Avoid excessive shift. + (_bfd_safe_read_leb128, _bfd_read_signed_leb128): Likewise. + 2021-02-15 Jan Beulich <jbeulich@suse.com> * doc/Makefile.am: Replace "cp -p" by "$(LN_S)". diff --git a/bfd/libbfd.c b/bfd/libbfd.c index cd94b81..4f3dd5a 100644 --- a/bfd/libbfd.c +++ b/bfd/libbfd.c @@ -1074,8 +1074,11 @@ _bfd_read_unsigned_leb128 (bfd *abfd ATTRIBUTE_UNUSED, byte = bfd_get_8 (abfd, buf); buf++; num_read++; - result |= (((bfd_vma) byte & 0x7f) << shift); - shift += 7; + if (shift < 8 * sizeof (result)) + { + result |= (((bfd_vma) byte & 0x7f) << shift); + shift += 7; + } } while (byte & 0x80); *bytes_read_ptr = num_read; @@ -1104,10 +1107,11 @@ _bfd_safe_read_leb128 (bfd *abfd ATTRIBUTE_UNUSED, byte = bfd_get_8 (abfd, data); data++; num_read++; - - result |= ((bfd_vma) (byte & 0x7f)) << shift; - - shift += 7; + if (shift < 8 * sizeof (result)) + { + result |= ((bfd_vma) (byte & 0x7f)) << shift; + shift += 7; + } if ((byte & 0x80) == 0) break; } @@ -1141,8 +1145,11 @@ _bfd_read_signed_leb128 (bfd *abfd ATTRIBUTE_UNUSED, byte = bfd_get_8 (abfd, buf); buf ++; num_read ++; - result |= (((bfd_vma) byte & 0x7f) << shift); - shift += 7; + if (shift < 8 * sizeof (result)) + { + result |= (((bfd_vma) byte & 0x7f) << shift); + shift += 7; + } } while (byte & 0x80); if (shift < 8 * sizeof (result) && (byte & 0x40)) |