diff options
| author | Alan Modra <amodra@gmail.com> | 2024-08-01 20:36:42 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2024-08-01 21:52:34 +0930 |
| commit | 479c61163612f37d853efd21c40963459ef611d4 (patch) | |
| tree | c29deec5fbee7b14863eda95e285ebd0261e12d5 | |
| parent | b782c65ba1103270d0e5097b655489ec08470ca9 (diff) | |
| download | gdb-479c61163612f37d853efd21c40963459ef611d4.zip gdb-479c61163612f37d853efd21c40963459ef611d4.tar.gz gdb-479c61163612f37d853efd21c40963459ef611d4.tar.bz2 | |
skip_attr_bytes assertion (data) <= (end) fail
get_type_abbrev_from_form is lax in not limiting data for a uleb to
the current CU, because DW_FORM_ref_addr allows access to other CU's
data. This can lead to an assertion fail when skipping or reading
attributes in get_type_signedness.
* dwarf.c (get_type_abbrev_from_form): Limit uleb data to map end
for ref_addr, cu_end otherwise.
| -rw-r--r-- | binutils/dwarf.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 972bb92..13a9162 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2119,7 +2119,10 @@ get_type_abbrev_from_form (unsigned long form, *map_return = NULL; } - READ_ULEB (abbrev_number, data, section->start + section->size); + if (form == DW_FORM_ref_addr) + cu_end = section->start + map->end; + + READ_ULEB (abbrev_number, data, cu_end); for (entry = map->list->first_abbrev; entry != NULL; entry = entry->next) if (entry->number == abbrev_number) |