diff options
author | Nick Clifton <nickc@redhat.com> | 2018-03-01 16:14:08 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2018-03-01 16:14:08 +0000 |
commit | d11ae95ea3403559f052903ab053f43ad7821e37 (patch) | |
tree | 124027e40c609d4fd8493859a13b452344f5d11f /binutils/dwarf.c | |
parent | 0cb7c7b0bb79be910e261f3d30c58ace6b0d06d1 (diff) | |
download | gdb-d11ae95ea3403559f052903ab053f43ad7821e37.zip gdb-d11ae95ea3403559f052903ab053f43ad7821e37.tar.gz gdb-d11ae95ea3403559f052903ab053f43ad7821e37.tar.bz2 |
Prevent illegal memory accesses triggerd by intger overflow when parsing corrupt DWARF information on a 32-bit host.
PR 22905
* dwarf.c (display_debug_ranges): Check that the offset loaded
from the range_entry structure is valid.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r-- | binutils/dwarf.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 6aca9b7..17896e6 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -387,6 +387,9 @@ read_uleb128 (unsigned char * data, } \ while (0) +/* Read AMOUNT bytes from PTR and store them in VAL as an unsigned value. + Checks to make sure that the read will not reach or pass END + and that VAL is big enough to hold AMOUNT bytes. */ #define SAFE_BYTE_GET(VAL, PTR, AMOUNT, END) \ do \ { \ @@ -415,6 +418,7 @@ read_uleb128 (unsigned char * data, } \ while (0) +/* Like SAFE_BYTE_GET, but also increments PTR by AMOUNT. */ #define SAFE_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \ do \ { \ @@ -423,6 +427,7 @@ read_uleb128 (unsigned char * data, } \ while (0) +/* Like SAFE_BYTE_GET, but reads a signed value. */ #define SAFE_SIGNED_BYTE_GET(VAL, PTR, AMOUNT, END) \ do \ { \ @@ -441,6 +446,7 @@ read_uleb128 (unsigned char * data, } \ while (0) +/* Like SAFE_SIGNED_BYTE_GET, but also increments PTR by AMOUNT. */ #define SAFE_SIGNED_BYTE_GET_AND_INC(VAL, PTR, AMOUNT, END) \ do \ { \ @@ -6543,6 +6549,7 @@ display_debug_ranges_list (unsigned char *start, unsigned char *finish, break; SAFE_SIGNED_BYTE_GET_AND_INC (end, start, pointer_size, finish); + printf (" %8.8lx ", offset); if (begin == 0 && end == 0) @@ -6810,6 +6817,13 @@ display_debug_ranges (struct dwarf_section *section, continue; } + if (next < section_begin || next >= finish) + { + warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"), + (unsigned long) offset, i); + continue; + } + if (dwarf_check != 0 && i > 0) { if (start < next) @@ -6825,6 +6839,7 @@ display_debug_ranges (struct dwarf_section *section, (unsigned long) (next - section_begin), section->name); } } + start = next; last_start = next; |