aboutsummaryrefslogtreecommitdiff
path: root/binutils
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2017-09-27 10:42:51 +0100
committerNick Clifton <nickc@redhat.com>2017-09-27 10:42:51 +0100
commit19485196044b2521af979f1e5c4a89bfb90fba0b (patch)
tree5778ce66c09d82b8b957ad276b136fd9e3ff1498 /binutils
parent6bd6a03d6975a96802b37741a99644570e52a72b (diff)
downloadgdb-19485196044b2521af979f1e5c4a89bfb90fba0b.zip
gdb-19485196044b2521af979f1e5c4a89bfb90fba0b.tar.gz
gdb-19485196044b2521af979f1e5c4a89bfb90fba0b.tar.bz2
Prevent an infinite loop in the DWARF parsing code when encountering a CU structure with a small negative size.
PR 22219 * dwarf.c (process_debug_info): Add a check for a negative cu_length field.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/dwarf.c11
2 files changed, 16 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index a4de14c..333ad86 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-09-27 Nick Clifton <nickc@redhat.com>
+
+ PR 22219
+ * dwarf.c (process_debug_info): Add a check for a negative
+ cu_length field.
+
2017-09-27 Alan Modra <amodra@gmail.com>
PR 22216
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index edc65aa..7ded1bf 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2591,7 +2591,7 @@ process_debug_info (struct dwarf_section *section,
int level, last_level, saved_level;
dwarf_vma cu_offset;
unsigned int offset_size;
- int initial_length_size;
+ unsigned int initial_length_size;
dwarf_vma signature_high = 0;
dwarf_vma signature_low = 0;
dwarf_vma type_offset = 0;
@@ -2739,6 +2739,15 @@ process_debug_info (struct dwarf_section *section,
num_units = unit;
break;
}
+ else if (compunit.cu_length + initial_length_size < initial_length_size)
+ {
+ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
+ dwarf_vmatoa ("x", cu_offset),
+ dwarf_vmatoa ("x", compunit.cu_length));
+ num_units = unit;
+ break;
+ }
+
tags = hdrptr;
start += compunit.cu_length + initial_length_size;