diff options
| author | Alan Modra <amodra@gmail.com> | 2022-02-08 20:21:01 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2022-02-08 20:28:52 +1030 |
| commit | 481153777e278b71e694fd2db6b897f7a9e3dcb8 (patch) | |
| tree | 29e8d0620cdc67be420e7a87637377b029a87085 /binutils | |
| parent | cb5a1d7db9050fe43ec559d47965e146239c0c34 (diff) | |
| download | gdb-481153777e278b71e694fd2db6b897f7a9e3dcb8.zip gdb-481153777e278b71e694fd2db6b897f7a9e3dcb8.tar.gz gdb-481153777e278b71e694fd2db6b897f7a9e3dcb8.tar.bz2 | |
PR28862, heap-buffer-overflow in parse_stab_string
I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.
PR 28862
* stabs.c (parse_stab_string): Don't overrun buffer when parsing
'Y' stab.
Diffstat (limited to 'binutils')
| -rw-r--r-- | binutils/stabs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/binutils/stabs.c b/binutils/stabs.c index 1e78c0d..2b52416 100644 --- a/binutils/stabs.c +++ b/binutils/stabs.c @@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype, case 'Y': /* SUNPro C++ Namespace =Yn0. */ /* Skip the namespace mapping, as it is not used now. */ - if (*(++p) == 'n' && *(++p) == '0') + if (*p++ != 0 && *p++ == 'n' && *p++ == '0') { /* =Yn0name; */ - while (*p != ';') + while (*p && *p != ';') ++p; - ++p; - return true; + if (*p) + return true; } /* TODO SUNPro C++ support: Support default arguments after F,P parameters |