authorNick Clifton <nickc@redhat.com>2021-05-13 14:31:09 +0100
committerNick Clifton <nickc@redhat.com>2021-05-13 14:31:09 +0100
commitc4375dd764b2e28b585048c55014d4d8fbe2e820 (patch)
treeab64600686b12d827b95e7afd58c92fb71399818 /binutils
parentb96a1bcb81078d6443666a59d6a91368ac03767f (diff)
Fix an infinite loop in the DWARF decoder when parsing a corrupt string table.
PR 27861 * dwarf.c (display_debug_str_offsets): Warn if the length field is larger than the amount of data remaining in the section.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/dwarf.c9
2 files changed, 14 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 85d21eb..42efebf 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-13 Nick Clifton <nickc@redhat.com>
+
+ PR 27861
+ * dwarf.c (display_debug_str_offsets): Warn if the length field is
+ larger than the amount of data remaining in the section.
+
2021-05-13 Alan Modra <amodra@gmail.com>
PR 27861
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index b22d33c..20ffe4b 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7509,6 +7509,13 @@ display_debug_str_offsets (struct dwarf_section *section,
printf (_(" Length: %#lx\n"), (unsigned long) length);
printf (_(" Version: %#lx\n"), (unsigned long) version);
printf (_(" Index Offset [String]\n"));
+
+ if (entries_end > end)
+ {
+ warn (_("Length value (0x%s) > data remaining in the section (0x%lx)\n"),
+ dwarf_vmatoa ("x", length), (long)(end - curr));
+ entries_end = end;
+ }
}
for (idx = 0; curr < entries_end; idx++)
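Review bot: The new guard `if (entries_end > end)` compares pointers after `entries_end` has already been formed, and that computation is outside the hunk. If it is `curr + length` with `length` read straight from the section, a large enough value makes the addition itself undefined and it may wrap to an address below `end`, in which case the clamp never fires. Comparing sizes instead, e.g. `if (length > (dwarf_vma) (end - curr))`, avoids forming the out-of-range pointer. In the warning, `%lx` is paired with a `(long)` argument; `(unsigned long) (end - curr)` matches the conversion. display_debug_str_offsets begins and ends outside the hunk.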
@@ -7520,7 +7527,7 @@ display_debug_str_offsets (struct dwarf_section *section,
/* Not enough space to read one entry_length, give up. */
return 0;
- SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, end);
+ SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, entries_end);
if (dwo)
string = (const unsigned char *)
fetch_indexed_string (idx, NULL, entry_length, dwo);
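Review bot: The truncated-entry path just above the changed `SAFE_BYTE_GET_AND_INC` line returns 0 with no diagnostic, so on a corrupt table the listing stops without telling the user why. Since this commit already warns about an oversized length, a matching message before the `return 0;`, for example `warn (_("Truncated entry in string offsets table\n"));`, would keep the two corruption paths consistent. A short comment on the changed line, such as `/* Bound the read by this table's end, not the section's. */`, would also record why `entries_end` replaced `end`. The `if` that guards the return and the rest of the loop body are outside the hunk.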