author | Nick Clifton <nickc@redhat.com> | 2021-05-13 14:31:09 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2021-05-13 14:31:09 +0100 |
commit | c4375dd764b2e28b585048c55014d4d8fbe2e820 (patch) | |
tree | ab64600686b12d827b95e7afd58c92fb71399818 /binutils | |
parent | b96a1bcb81078d6443666a59d6a91368ac03767f (diff) | |
Fix an infinite loop in the DWARF decoder when parsing a corrupt string table.
PR 27861
* dwarf.c (display_debug_str_offsets): Warn if the length field is
larger than the amount of data remaining in the section.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/dwarf.c | 9 |
2 files changed, 14 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 85d21eb..42efebf 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-13 Nick Clifton <nickc@redhat.com>
+
+ PR 27861
+ * dwarf.c (display_debug_str_offsets): Warn if the length field is
+ larger than the amount of data remaining in the section.
+
 2021-05-13 Alan Modra <amodra@gmail.com>
 
 PR 27861
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index b22d33c..20ffe4b 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7509,6 +7509,13 @@ display_debug_str_offsets (struct dwarf_section *section,
 printf (_(" Length: %#lx\n"), (unsigned long) length);
 printf (_(" Version: %#lx\n"), (unsigned long) version);
 printf (_(" Index Offset [String]\n"));
+
+ if (entries_end > end)
+ {
+ warn (_("Length value (0x%s) > data remaining in the section (0x%lx)\n"),
+ dwarf_vmatoa ("x", length), (long)(end - curr));
+ entries_end = end;
+ }
 }
 
 for (idx = 0; curr < entries_end; idx++)
@@ -7520,7 +7527,7 @@ display_debug_str_offsets (struct dwarf_section *section,
 /* Not enough space to read one entry_length, give up. */
 return 0;
 
- SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, end);
+ SAFE_BYTE_GET_AND_INC (offset, curr, entry_length, entries_end);
 if (dwo)
 string = (const unsigned char *)
 fetch_indexed_string (idx, NULL, entry_length, dwo); |
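Review bot: The added clamp in the first dwarf.c hunk tests `entries_end > end`, which only works if `entries_end` was formed without overflow. It is presumably computed as `curr + length` from the file-supplied length field (that assignment is outside the hunk), so a sufficiently large `length` could move the pointer out of range or wrap it before this comparison runs, and the clamp would then be skipped. Comparing sizes rather than pointers avoids relying on that arithmetic: `if (length > (dwarf_vma) (end - curr))`, keeping the `entries_end = end;` assignment. Separately, the warning passes `(long)(end - curr)` to a `%lx` conversion, which expects an unsigned argument; `(unsigned long) (end - curr)` matches the specifier. The enclosing block and the function both begin and end outside the hunk.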