aboutsummaryrefslogtreecommitdiff
path: root/binutils
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2021-05-12 15:11:43 +0930
committerAlan Modra <amodra@gmail.com>2021-05-12 15:41:10 +0930
commit55b26492bbd05637f24b9b70a507e842e466b723 (patch)
tree2941b78c943f601f7b0b23b22fb9d572bfe886f6 /binutils
parent5ab3907543816d62a8dfd0f7f342ae66814bb0eb (diff)
downloadgdb-55b26492bbd05637f24b9b70a507e842e466b723.zip
gdb-55b26492bbd05637f24b9b70a507e842e466b723.tar.gz
gdb-55b26492bbd05637f24b9b70a507e842e466b723.tar.bz2
PR27853, Infinite loop in dwarf.c
Not quite infinite but much longer than it need be. The problem is triggered by read_and_display_attr_value incrementing "data" past "end". read_and_display_attr_value shouldn't do that, but be defensive. PR 27853 * dwarf.c (display_formatted_table): Test for data >= end rather than data == end. (process_extended_line_op): Likewise. (display_debug_lines_raw): Likewise. (display_debug_lines_decoded): Likewise.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog9
-rw-r--r--binutils/dwarf.c24
2 files changed, 21 insertions, 12 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9e0611e..be50b31 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,14 @@
2021-05-12 Alan Modra <amodra@gmail.com>
+ PR 27853
+ * dwarf.c (display_formatted_table): Test for data >= end rather
+ than data == end.
+ (process_extended_line_op): Likewise.
+ (display_debug_lines_raw): Likewise.
+ (display_debug_lines_decoded): Likewise.
+
+2021-05-12 Alan Modra <amodra@gmail.com>
+
PR 27849
* dwarf.c (fetch_indexed_string): Correct length sanity checks.
Sanity check section size for version and padding too. Correct
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 336a3d5..896035c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -521,7 +521,7 @@ process_extended_line_op (unsigned char * data,
READ_ULEB (len, data, end);
header_len = data - orig_data;
- if (len == 0 || data == end || len > (size_t) (end - data))
+ if (len == 0 || data >= end || len > (size_t) (end - data))
{
warn (_("Badly formed extended line op encountered!\n"));
return header_len;
@@ -574,7 +574,7 @@ process_extended_line_op (unsigned char * data,
printf ("%.*s\n\n", (int) l, name);
}
- if (((size_t) (data - orig_data) != len + header_len) || data == end)
+ if (((size_t) (data - orig_data) != len + header_len) || data >= end)
warn (_("DW_LNE_define_file: Bad opcode length\n"));
break;
@@ -4327,7 +4327,7 @@ display_formatted_table (unsigned char *data,
{
SKIP_ULEB (data, end);
SKIP_ULEB (data, end);
- if (data == end)
+ if (data >= end)
{
warn (_("%s: Corrupt format description entry\n"), table_name);
return data;
@@ -4340,7 +4340,7 @@ display_formatted_table (unsigned char *data,
printf (_("\n The %s is empty.\n"), table_name);
return data;
}
- else if (data == end)
+ else if (data >= end)
{
warn (_("%s: Corrupt entry count - expected %s but none found\n"),
table_name, dwarf_vmatoa ("x", data_count));
@@ -4419,7 +4419,7 @@ display_formatted_table (unsigned char *data,
}
}
- if (data == end && (datai < data_count - 1))
+ if (data >= end && (datai < data_count - 1))
{
warn (_("\n%s: Corrupt entries list\n"), table_name);
return data;
@@ -4665,7 +4665,7 @@ display_debug_lines_raw (struct dwarf_section * section,
printf ("%s\t", dwarf_vmatoa ("u", val));
printf ("%.*s\n", (int)(end - name), name);
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt file name table entry\n"));
break;
@@ -5013,7 +5013,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
}
READ_ULEB (n_directories, data, end);
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt directories list\n"));
break;
@@ -5037,7 +5037,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
READ_ULEB (content_type, format, end);
READ_ULEB (form, format, end);
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt directories list\n"));
break;
@@ -5067,7 +5067,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
NULL, 1, section,
NULL, '\t', -1);
}
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt directories list\n"));
break;
@@ -5087,7 +5087,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
}
READ_ULEB (n_files, data, end);
- if (data == end && n_files > 0)
+ if (data >= end && n_files > 0)
{
warn (_("Corrupt file name list\n"));
break;
@@ -5112,7 +5112,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
READ_ULEB (content_type, format, end);
READ_ULEB (form, format, end);
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt file name list\n"));
break;
@@ -5159,7 +5159,7 @@ display_debug_lines_decoded (struct dwarf_section * section,
NULL, 1, section,
NULL, '\t', -1);
}
- if (data == end)
+ if (data >= end)
{
warn (_("Corrupt file name list\n"));
break;