authorNick Clifton <nickc@redhat.com>2014-12-11 20:25:05 +0000
committerNick Clifton <nickc@redhat.com>2014-12-11 20:25:05 +0000
commitacff96643eb25bc425d108b0576d393ab398f1c5 (patch)
tree7b1b747beedd3d2b846ea20062e40407cb847a5d
parent05a6c3c813d617d9900c5de056f40f958a6c71a5 (diff)
Fix a few moere memory access violations.
PR binutils/17512 * dwarf.c (display_gdb_index): Add more range checks.
-rw-r--r--binutils/ChangeLog5
-rw-r--r--binutils/dwarf.c20
2 files changed, 20 insertions, 5 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index e8c0037..48957bd 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-11 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * dwarf.c (display_gdb_index): Add more range checks.
+
2014-12-11 Alan Modra <amodra@gmail.com>
* configure.ac: Check for long long and sizes of long long and long.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 02b7668..10d639c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6509,7 +6509,7 @@ display_gdb_index (struct dwarf_section *section,
/* PR 17531: file: 18a47d3d. */
if (symbol_table_offset < address_table_offset)
{
- warn (_("Symbolt table offset (%xl) is less then Address table offset (%x)\n"),
+ warn (_("Symbol table offset (%xl) is less then Address table offset (%x)\n"),
symbol_table_offset, address_table_offset);
return 0;
}
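Review bot: The corrected warning on the added line still contains `%xl`, which printf reads as `%x` followed by a literal `l`, and it still says "less then" instead of "less than". The declaration of symbol_table_offset is outside this hunk; if it is a 32-bit unsigned value the string should be `"Symbol table offset (%x) is less than Address table offset (%x)\n"`, and if it is a long the conversion should be `%lx`. This path only runs on malformed input, so a wrong conversion here is unlikely to be caught by ordinary testing.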
@@ -6531,6 +6531,12 @@ display_gdb_index (struct dwarf_section *section,
symbol_table = start + symbol_table_offset;
constant_pool = start + constant_pool_offset;
+ if (address_table + address_table_size * (2 + 8 + 4) > section->start + section->size)
+ {
+ warn (_("Address table extends beyond end of section. %x"), address_table_size);
+ return 0;
+ }
+
printf (_("\nCU table:\n"));
for (i = 0; i < cu_list_elements; i += 2)
{
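Review bot: The new bound multiplies address_table_size by `(2 + 8 + 4)`, which is 14, whereas the address-table loop further down steps by `2 * 8 + 4` (20) and uses address_table_size as a byte limit on `address_table + i`, so the check matches neither the entry size nor the unit. As written it rejects well-formed tables whose size times 14 exceeds the section, and if address_table_size is a 32-bit unsigned (declaration not visible here) the product can wrap and let an oversized table through. Comparing offsets avoids both the scaling and the out-of-range pointer arithmetic: `if (address_table_offset > section->size || address_table_size > section->size - address_table_offset)`, assuming address_table is `start + address_table_offset` like the two assignments shown. The warning string also lacks a trailing `\n` and does not label the value it prints.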
@@ -6557,7 +6563,8 @@ display_gdb_index (struct dwarf_section *section,
}
printf (_("\nAddress table:\n"));
- for (i = 0; i <= address_table_size - (2 * 8 + 4); i += 2 * 8 + 4)
+ for (i = 0; i < address_table_size && i <= address_table_size - (2 * 8 + 4);
+ i += 2 * 8 + 4)
{
uint64_t low = byte_get_little_endian (address_table + i, 8);
uint64_t high = byte_get_little_endian (address_table + i + 8, 8);
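Review bot: The added `i < address_table_size` term only covers a size of zero; for sizes 1 through 19 the subtraction `address_table_size - (2 * 8 + 4)` still wraps (assuming the unsigned type this fix implies), so the first iteration runs and reads a 20-byte entry from a table shorter than one entry. Guarding on the size rather than on `i` closes that case: `for (i = 0; address_table_size >= 2 * 8 + 4 && i <= address_table_size - (2 * 8 + 4); i += 2 * 8 + 4)`. A named constant for the 20-byte entry size would also keep this loop and the bounds check above it from drifting apart. The loop body continues outside the hunk.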
@@ -6589,7 +6596,9 @@ display_gdb_index (struct dwarf_section *section,
name_offset, i);
}
else
- printf ("[%3u] %s:", i, constant_pool + name_offset);
+ printf ("[%3u] %.*s:", i,
+ (int) (section->size - (constant_pool_offset + name_offset)),
+ constant_pool + name_offset);
if (constant_pool + cu_vector_offset < constant_pool
|| constant_pool + cu_vector_offset >= section->start + section->size)
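Review bot: The precision passed to `%.*s` is computed as `(int) (section->size - (constant_pool_offset + name_offset))`, and a negative precision is treated by printf as if none were given, so the bound disappears exactly when the arithmetic goes wrong. That can happen if the sum of the two offsets wraps or exceeds section->size, or if the remaining length is larger than INT_MAX. The check guarding this `else` branch starts outside the hunk, so whether it rules out the first two cases cannot be confirmed from here. Computing the remainder in an unsigned type and clamping it before the cast makes the bound hold regardless: `size_t left = section->size - constant_pool_offset - name_offset;` then pass `(int) (left > INT_MAX ? INT_MAX : left)`.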
@@ -6602,11 +6611,12 @@ display_gdb_index (struct dwarf_section *section,
else
num_cus = byte_get_little_endian (constant_pool + cu_vector_offset, 4);
- if (constant_pool + cu_vector_offset + 4 + num_cus * 4 >=
+ if (num_cus * 4 < num_cus
+ || constant_pool + cu_vector_offset + 4 + num_cus * 4 >=
section->start + section->size)
{
printf ("<invalid number of CUs: %d>\n", num_cus);
- warn (_("Invalid number of CUs (%d) for symbol table slot %d\n"),
+ warn (_("Invalid number of CUs (0x%x) for symbol table slot %d\n"),
num_cus, i);
continue;
}
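Review bot: The new test `num_cus * 4 < num_cus` does not detect every wrapped multiplication. For a 32-bit num_cus, a value such as 0x60000000 gives a product of 0x80000000 after wrap, which is not smaller than the operand, so the check passes and the pointer comparison that follows runs on a truncated product. A division-based bound against the bytes left after the vector's count field has no such gap; since the preceding check (partly outside this hunk) already establishes that `constant_pool + cu_vector_offset` lies inside the section, something like `size_t left = section->start + section->size - (constant_pool + cu_vector_offset);` followed by `if (left < 4 || num_cus >= (left - 4) / 4)` would do, with the exact boundary chosen to match the existing `>=`. The `printf` on the line above the changed `warn` still formats num_cus with `%d` while the warning now uses `0x%x`; the two should agree.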