aboutsummaryrefslogtreecommitdiff
path: root/binutils/dwarf.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2017-09-26 12:14:42 +0100
committerNick Clifton <nickc@redhat.com>2017-09-26 12:14:42 +0100
commit5c1c468d0eddd0fda1ec8c5f33888657f94e3266 (patch)
treeeb16aa0066df301e6fec7d52360c56f5c4cb5f1e /binutils/dwarf.c
parent28d810f7ffd7fefd88117e9d830e7588591fd35c (diff)
downloadgdb-5c1c468d0eddd0fda1ec8c5f33888657f94e3266.zip
gdb-5c1c468d0eddd0fda1ec8c5f33888657f94e3266.tar.gz
gdb-5c1c468d0eddd0fda1ec8c5f33888657f94e3266.tar.bz2
Fix address violations when parsing a corrupt DWARF linenumber table.
PR 22154 * dwarf.c (get_line_filename_and_dirname): Add extra checks for buffer overruns.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r--binutils/dwarf.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index d4156e4..edc65aa 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4742,13 +4742,21 @@ get_line_filename_and_dirname (dwarf_vma line_offset,
return NULL;
hdrptr += opcode_base - 1;
+ if (hdrptr >= end)
+ return NULL;
+
dirtable = hdrptr;
/* Skip over dirname table. */
while (*hdrptr != '\0')
- hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
+ {
+ hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
+ if (hdrptr >= end)
+ return NULL;
+ }
hdrptr++; /* Skip the NUL at the end of the table. */
+
/* Now skip over preceding filename table entries. */
- for (; *hdrptr != '\0' && fileidx > 1; fileidx--)
+ for (; hdrptr < end && *hdrptr != '\0' && fileidx > 1; fileidx--)
{
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
read_uleb128 (hdrptr, &bytes_read, end);
@@ -4758,16 +4766,19 @@ get_line_filename_and_dirname (dwarf_vma line_offset,
read_uleb128 (hdrptr, &bytes_read, end);
hdrptr += bytes_read;
}
- if (hdrptr == end || *hdrptr == '\0')
+ if (hdrptr >= end || *hdrptr == '\0')
return NULL;
+
file_name = hdrptr;
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
+ if (hdrptr >= end)
+ return NULL;
diridx = read_uleb128 (hdrptr, &bytes_read, end);
if (diridx == 0)
return file_name;
- for (; *dirtable != '\0' && diridx > 1; diridx--)
+ for (; dirtable < end && *dirtable != '\0' && diridx > 1; diridx--)
dirtable += strnlen ((char *) dirtable, end - dirtable) + 1;
- if (*dirtable == '\0')
+ if (dirtable >= end || *dirtable == '\0')
return NULL;
*dir_name = dirtable;
return file_name;