diff options
author | Alan Modra <amodra@gmail.com> | 2021-05-10 09:56:43 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-05-10 10:03:00 +0930 |
commit | 2d4b49864eba70606b1bee3d0a3e8414189dcd6d (patch) | |
tree | f3a8c3cd72a12ea0b3181a388beea89de5ac7448 /binutils/dwarf.c | |
parent | 400f0c9b88c68784f9c516422f293bc4d19d9e5b (diff) | |
download | gdb-2d4b49864eba70606b1bee3d0a3e8414189dcd6d.zip gdb-2d4b49864eba70606b1bee3d0a3e8414189dcd6d.tar.gz gdb-2d4b49864eba70606b1bee3d0a3e8414189dcd6d.tar.bz2 |
Avoid possible pointer wrap
PTR supplied to these macros can be read from user input, END is an
end of buffer pointer. It's safer to do arithmetic on END than on PTR.
* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
END rather than adding amount to PTR.
(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r-- | binutils/dwarf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index d93d923..c584f5b 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -406,7 +406,7 @@ read_leb128 (unsigned char *data, amount, (int) sizeof (VAL)); \ amount = sizeof (VAL); \ } \ - if (((PTR) + amount) >= (END)) \ + if ((PTR) >= (END) - amount) \ { \ if ((PTR) < (END)) \ amount = (END) - (PTR); \ @@ -434,7 +434,7 @@ read_leb128 (unsigned char *data, do \ { \ unsigned int amount = (AMOUNT); \ - if (((PTR) + amount) >= (END)) \ + if ((PTR) >= (END) - amount) \ { \ if ((PTR) < (END)) \ amount = (END) - (PTR); \ @@ -460,7 +460,7 @@ read_leb128 (unsigned char *data, #define SAFE_BYTE_GET64(PTR, HIGH, LOW, END) \ do \ { \ - if (((PTR) + 8) <= (END)) \ + if ((PTR) <= (END) - 8) \ { \ byte_get_64 ((PTR), (HIGH), (LOW)); \ } \ |