aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2020-07-01 16:54:50 +0930
committerAlan Modra <amodra@gmail.com>2020-07-01 21:18:11 +0930
commit33d1369f183f1c276e3f0f52b5573fb2f5843b1c (patch)
tree6c2b9f099f3c99cf8a95c07922133d4b99fc9079
parent9cdf98207c5bab668e3734d11d5a24d6b5375b54 (diff)
downloadgdb-33d1369f183f1c276e3f0f52b5573fb2f5843b1c.zip
gdb-33d1369f183f1c276e3f0f52b5573fb2f5843b1c.tar.gz
gdb-33d1369f183f1c276e3f0f52b5573fb2f5843b1c.tar.bz2
PR26188, buff overflow in coff_find_nearest_line_with_names
PR 26188 * coffgen.c (coff_find_nearest_line_with_names): Sanity check raw syment index before dereferencing.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/coffgen.c8
2 files changed, 12 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index fc6042e..b91df99 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
2020-07-01 Alan Modra <amodra@gmail.com>
+ PR 26188
+ * coffgen.c (coff_find_nearest_line_with_names): Sanity check
+ raw syment index before dereferencing.
+
+2020-07-01 Alan Modra <amodra@gmail.com>
+
* elf32-i386.c (elf_backend_object_p): Undef for vxworks.
2020-07-01 Alan Modra <amodra@gmail.com>
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 94589b4..3291b69 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -2435,11 +2435,15 @@ coff_find_nearest_line_with_names (bfd *abfd,
/* In XCOFF a debugging symbol can follow the
function symbol. */
- if (s->u.syment.n_scnum == N_DEBUG)
+ if (((size_t) ((char *) s - (char *) obj_raw_syments (abfd))
+ < obj_raw_syment_count (abfd) * sizeof (*s))
+ && s->u.syment.n_scnum == N_DEBUG)
s = s + 1 + s->u.syment.n_numaux;
/* S should now point to the .bf of the function. */
- if (s->u.syment.n_numaux)
+ if (((size_t) ((char *) s - (char *) obj_raw_syments (abfd))
+ < obj_raw_syment_count (abfd) * sizeof (*s))
+ && s->u.syment.n_numaux)
{
/* The linenumber is stored in the auxent. */
union internal_auxent *a = &((s + 1)->u.auxent);