PR27861, Infinite loop in dwarf.c:7507-7526

	PR 27861
	* dwarf.c (display_debug_str_offsets): Sanity check dwarf5
	header length.

2 files changed, 14 insertions, 1 deletions

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 335c7d0..85d21eb 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
 2021-05-13  Alan Modra  <amodra@gmail.com>
 
+	PR 27861
+	* dwarf.c (display_debug_str_offsets): Sanity check dwarf5
+	header length.
+
+2021-05-13  Alan Modra  <amodra@gmail.com>
+
 	PR 27860
 	* dwarf.c (display_debug_frames): Sanity check cie_off before
 	attempting to read cie.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 20bd926..b22d33c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7487,7 +7487,14 @@ display_debug_str_offsets (struct dwarf_section *section,
 	}
       else
 	{
-	  entries_end = curr + length;
+	  if (length <= (dwarf_vma) (end - curr))
+	    entries_end = curr + length;
+	  else
+	    {
+	      warn (_("Section %s is too small %#lx\n"),
+		    section->name, (unsigned long) section->size);
+	      entries_end = end;
+	    }
 
 	  int version;
 	  SAFE_BYTE_GET_AND_INC (version, curr, 2, end);