author | Alan Modra <amodra@gmail.com> | 2021-05-11 17:57:04 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-05-12 21:10:33 +0930 |
commit | 0d872fca0293041a5cb7c54a4a04855323563d8e (patch) | |
tree | 6fe20b1324133b5a13ed5a9598d3bfb6a06fe5dd /binutils/dwarf.c | |
parent | ee35ce8200dcd1754061d5dc90fb53f9504c6394 (diff) | |
PR27836, readelf -w pointer comparison UB
PR 27836
* dwarf.c (display_debug_frames): Don't compare pointers derived
from user input. Test offset against bounds instead.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r-- | binutils/dwarf.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 896035c..51c0afc 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -8810,16 +8810,18 @@ display_debug_frames (struct dwarf_section *section,
 {
 unsigned char *look_for;
 unsigned long segment_selector;
+ dwarf_vma cie_off;
+ cie_off = cie_id;
 if (is_eh)
 {
 dwarf_vma sign = (dwarf_vma) 1 << (offset_size * 8 - 1);
- look_for = start - 4 - ((cie_id ^ sign) - sign);
+ cie_off = (cie_off ^ sign) - sign;
+ cie_off = start - 4 - section_start - cie_off;
 }
- else
- look_for = section_start + cie_id;
- if (look_for <= saved_start)
+ look_for = section_start + cie_off;
+ if (cie_off <= (dwarf_vma) (saved_start - section_start))
 {
 for (cie = chunks; cie ; cie = cie->next)
 if (cie->chunk_start == look_for) |
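Review bot: `look_for = section_start + cie_off;` is still evaluated before the range test on the following line, so when `cie_off` (derived from the file's `cie_id`) lies outside the section the pointer addition itself is undefined, even though the comparison no longer is. The lookup in the loop could compare offsets instead, `if ((dwarf_vma) (cie->chunk_start - section_start) == cie_off)`, with `look_for` formed only on paths where `cie_off` has already been checked against the section bounds. The rest of display_debug_frames lies outside this hunk, so any later use of `look_for` would need the same ordering; that part cannot be confirmed from here. A short comment above the test, such as `/* cie_off comes from the file; validate it before forming a pointer. */`, would record why the offset rather than the pointer is compared.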