aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2017-09-24 14:36:16 +0930
committerAlan Modra <amodra@gmail.com>2017-09-24 16:15:14 +0930
commit515f23e63c0074ab531bc954f84ca40c6281a724 (patch)
tree266d9172e9797c3b818c1edba524a320d1382178 /bfd
parent0d76029f92182c3682d8be2c833d45bc9a2068fe (diff)
downloadgdb-515f23e63c0074ab531bc954f84ca40c6281a724.zip
gdb-515f23e63c0074ab531bc954f84ca40c6281a724.tar.gz
gdb-515f23e63c0074ab531bc954f84ca40c6281a724.tar.bz2
PR22169, heap-based buffer overflow in read_1_byte
The .debug_line header length field doesn't include the length field itself, ie. it's the size of the rest of .debug_line. PR 22169 * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/dwarf2.c7
2 files changed, 9 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 57f5ad3..f63a8bb 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
2017-09-24 Alan Modra <amodra@gmail.com>
+ PR 22169
+ * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
+
+2017-09-24 Alan Modra <amodra@gmail.com>
+
PR 22167
* dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index d1cf1aa..89a3f9b 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -2096,12 +2096,13 @@ decode_line_info (struct comp_unit *unit, struct dwarf2_debug *stash)
offset_size = 8;
}
- if (unit->line_offset + lh.total_length > stash->dwarf_line_size)
+ if (lh.total_length > (size_t) (line_end - line_ptr))
{
_bfd_error_handler
/* xgettext: c-format */
- (_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"),
- lh.total_length, stash->dwarf_line_size - unit->line_offset);
+ (_("Dwarf Error: Line info data is bigger (%#Lx)"
+ " than the space remaining in the section (%#lx)"),
+ lh.total_length, (unsigned long) (line_end - line_ptr));
bfd_set_error (bfd_error_bad_value);
return NULL;
}