author | Nick Clifton <nickc@redhat.com> | 2021-12-02 17:48:20 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2021-12-02 17:48:20 +0000 |
commit | 117e35f51972acd1f29fd249ef20343258ef5256 (patch) | |
tree | f308d08b98cde9131fa870f48b4efea5509e504a /binutils | |
parent | 2e187550373de67a20a2584d595ed9bb18e742ee (diff) | |
Fix illegal memory access whilst parsing corrupt DWARF debug information.
PR 28645
* dwarf.c (process_cu_tu_index): Add test for overrunning section
whilst processing slots.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/dwarf.c | 18 |
2 files changed, 22 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index c826243..215a3d5 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2021-12-02 Nick Clifton <nickc@redhat.com> + + PR 28645 + * dwarf.c (process_cu_tu_index): Add test for overruning section + whilst processing slots. + 2021-11-30 Roland McGrath <mcgrathr@google.com> * doc/local.mk: Give each man page target its missing dependency on diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 6f2a49b..6497e54 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -10465,7 +10465,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) Check for integer overflow (can occur when size_t is 32-bit) with overlarge ncols or nused values. */ if (nused == -1u - || _mul_overflow ((size_t) ncols, 4, &temp) + || _mul_overflow ((size_t) ncols, 4, &temp) || _mul_overflow ((size_t) nused + 1, temp, &total) || total > (size_t) (limit - ppool)) { @@ -10473,7 +10473,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) section->name); return 0; } - + if (do_display) { printf (_(" Offset table\n")); @@ -10596,7 +10596,21 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) for (j = 0; j < ncols; j++) { unsigned char *p = prow + j * 4; + + /* PR 28645: Check for overflow. Since we do not know how + many populated rows there will be, we cannot just + perform a single check at the start of this function. */ + if (p > (limit - 4)) + { + if (do_display) + printf ("\n"); + warn (_("Too many rows/columns in DWARF index section %s\n"), + section->name); + return 0; + } + SAFE_BYTE_GET (val, p, 4, limit); + if (do_display) printf (" %8d", val); else |
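Review bot: The guard added inside the `for (j = 0; j < ncols; j++)` loop compares `p > (limit - 4)` only after `p = prow + j * 4` has been computed, so for a corrupt index it depends on forming and comparing a pointer that may already lie beyond the section, which C leaves undefined and which can wrap on hosts with 32-bit pointers. A length-based test once per row, placed before the loop, avoids that and also stops a row being partly printed before the warning: `if (prow > limit || (size_t) (limit - prow) / 4 < ncols)` followed by the same `warn`/`return 0`. How `prow` is derived from the row index is outside this hunk, so whether that computation can itself overflow needs checking there, and any other loop in `process_cu_tu_index` that walks a row with `SAFE_BYTE_GET` presumably wants the same guard. The function starts and ends outside the hunk.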