aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2021-02-16 19:27:24 +1030
committerAlan Modra <amodra@gmail.com>2021-02-16 19:31:15 +1030
commit7b54caddca1013d10219da097e08d4cd4db6b923 (patch)
treee1c7f2bd1501e8df4a0b7a9b0b8f427ba1f9ebbb
parent9a12b194b0e9d1bde34aca175a2a7dead2fae7a9 (diff)
downloadgdb-7b54caddca1013d10219da097e08d4cd4db6b923.zip
gdb-7b54caddca1013d10219da097e08d4cd4db6b923.tar.gz
gdb-7b54caddca1013d10219da097e08d4cd4db6b923.tar.bz2
ubsan: shift exponent is too large
* libbfd.c (_bfd_read_unsigned_leb128): Avoid excessive shift. (_bfd_safe_read_leb128, _bfd_read_signed_leb128): Likewise.
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/libbfd.c23
2 files changed, 20 insertions, 8 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e3f8778..e2e9256 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-02-16 Alan Modra <amodra@gmail.com>
+
+ * libbfd.c (_bfd_read_unsigned_leb128): Avoid excessive shift.
+ (_bfd_safe_read_leb128, _bfd_read_signed_leb128): Likewise.
+
2021-02-15 Jan Beulich <jbeulich@suse.com>
* doc/Makefile.am: Replace "cp -p" by "$(LN_S)".
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index cd94b81..4f3dd5a 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -1074,8 +1074,11 @@ _bfd_read_unsigned_leb128 (bfd *abfd ATTRIBUTE_UNUSED,
byte = bfd_get_8 (abfd, buf);
buf++;
num_read++;
- result |= (((bfd_vma) byte & 0x7f) << shift);
- shift += 7;
+ if (shift < 8 * sizeof (result))
+ {
+ result |= (((bfd_vma) byte & 0x7f) << shift);
+ shift += 7;
+ }
}
while (byte & 0x80);
*bytes_read_ptr = num_read;
@@ -1104,10 +1107,11 @@ _bfd_safe_read_leb128 (bfd *abfd ATTRIBUTE_UNUSED,
byte = bfd_get_8 (abfd, data);
data++;
num_read++;
-
- result |= ((bfd_vma) (byte & 0x7f)) << shift;
-
- shift += 7;
+ if (shift < 8 * sizeof (result))
+ {
+ result |= ((bfd_vma) (byte & 0x7f)) << shift;
+ shift += 7;
+ }
if ((byte & 0x80) == 0)
break;
}
@@ -1141,8 +1145,11 @@ _bfd_read_signed_leb128 (bfd *abfd ATTRIBUTE_UNUSED,
byte = bfd_get_8 (abfd, buf);
buf ++;
num_read ++;
- result |= (((bfd_vma) byte & 0x7f) << shift);
- shift += 7;
+ if (shift < 8 * sizeof (result))
+ {
+ result |= (((bfd_vma) byte & 0x7f) << shift);
+ shift += 7;
+ }
}
while (byte & 0x80);
if (shift < 8 * sizeof (result) && (byte & 0x40))