Fix seg-fault in readelf when decoding corrupt IA64 unwind information.

PR binutils/18420 * ia64-unwind.c (unw_decode): Add end parameter. Pass parameter on to decode functions. (unw_devode_p2_p5): Pass end paraemter to UNW_DEC_SPILL_MASK. (UNW_DEC_SPILL_MASK): Add end parameter. Check that unw_rlen does not take us beyond the end of the buffer. * ia64-unwind.h (unw_decode): Update prototype. * readelf.c (dump_ia64_unwind): Pass end pointer to unw_decode.
author: Nick Clifton <nickc@redhat.com> 2015-05-18 15:58:46 +0100
committer: Nick Clifton <nickc@redhat.com> 2015-05-18 15:58:46 +0100
commit: b4477bc81824800248d44f141aeaf63e00314a01 (patch)
tree: d2bb94c922fcbf4e860b6dd1d688644e94a825b0 /binutils/readelf.c
parent: 35d7c4317b85948f0a3e021d719811481d13fe45 (diff)
download: gdb-b4477bc81824800248d44f141aeaf63e00314a01.zip
gdb-b4477bc81824800248d44f141aeaf63e00314a01.tar.gz
gdb-b4477bc81824800248d44f141aeaf63e00314a01.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 6369aa9..b584db5 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -6735,7 +6735,7 @@ dump_ia64_unwind (struct ia64_unw_aux_info * aux)
       if (end > aux->info + aux->info_size)
 	end = aux->info + aux->info_size;
       for (dp = head + 8; dp < end;)
-	dp = unw_decode (dp, in_body, & in_body);
+	dp = unw_decode (dp, in_body, & in_body, end);
     }
 
   free (aux->funtab);
author	Nick Clifton <nickc@redhat.com>	2015-05-18 15:58:46 +0100
committer	Nick Clifton <nickc@redhat.com>	2015-05-18 15:58:46 +0100
commit	b4477bc81824800248d44f141aeaf63e00314a01 (patch)
tree	d2bb94c922fcbf4e860b6dd1d688644e94a825b0 /binutils/readelf.c
parent	35d7c4317b85948f0a3e021d719811481d13fe45 (diff)
download	gdb-b4477bc81824800248d44f141aeaf63e00314a01.zip gdb-b4477bc81824800248d44f141aeaf63e00314a01.tar.gz gdb-b4477bc81824800248d44f141aeaf63e00314a01.tar.bz2