author | Alan Modra <amodra@gmail.com> | 2021-05-15 15:22:39 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-05-15 15:23:53 +0930 |
commit | c93c4a85406ebd811ec0b29f1dec882cbba56659 (patch) | |
tree | 69bc396cbdd9b5c379cd64f1461f080db4c24a3d /binutils | |
parent | b4951546078b869ce2f720561a2c59cfe2d005c9 (diff) | |
read_cie
* dwarf.c (read_cie): Add more sanity checks to ensure data
pointer is not bumped past end.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 5 | ||||
-rw-r--r-- | binutils/dwarf.c | 13 |
2 files changed, 17 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9d646ed..f2d363e 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,10 @@
 2021-05-15 Alan Modra <amodra@gmail.com>
+ * dwarf.c (read_cie): Add more sanity checks to ensure data
+ pointer is not bumped past end.
+
+2021-05-15 Alan Modra <amodra@gmail.com>
+
 * dwarf.c (display_debug_ranges): Delete initial_length_size. Correct fallback size calculated on finding a reloc. Constrain data reads to length given in header. Avoid pointer UB.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 9243c85..93e6d73 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -8409,10 +8409,16 @@ read_cie (unsigned char *start, unsigned char *end,
 }
 if (strcmp (fc->augmentation, "eh") == 0)
- start += eh_addr_size;
+ {
+ if (eh_addr_size > (size_t) (end - start))
+ goto fail;
+ start += eh_addr_size;
+ }
 if (version >= 4)
 {
+ if (2 > (size_t) (end - start))
+ goto fail;
 GET (fc->ptr_size, 1);
 if (fc->ptr_size < 1 || fc->ptr_size > 8)
 {
@@ -8439,6 +8445,9 @@ read_cie (unsigned char *start, unsigned char *end,
 READ_ULEB (fc->code_factor, start, end);
 READ_SLEB (fc->data_factor, start, end);
+ if (start >= end)
+ goto fail;
+
 if (version == 1)
 {
 GET (fc->ra, 1);
@@ -8450,6 +8459,8 @@ read_cie (unsigned char *start, unsigned char *end,
 if (fc->augmentation[0] == 'z')
 {
+ if (start >= end)
+ goto fail;
 READ_ULEB (augmentation_data_len, start, end);
 augmentation_data = start;
 /* PR 17512: file: 11042-2589-0.004. */ |
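Review bot: The literal `2` in `if (2 > (size_t) (end - start))` is an unexplained byte count: only `GET (fc->ptr_size, 1)` is visible below it, so the second one-byte read it covers is presumably further down, outside the hunk. A comment on the guard would tie it to those reads, for example `/* Two single-byte fields are read next; make sure both are present.  */`. Both new guards in this hunk also depend on `start <= end` holding on entry, because the `(size_t)` cast turns a negative difference into a huge value that passes the check; the code establishing that is not visible here, so confirm it or state the invariant in a comment. The `fail` label is outside the hunk as well.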
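Review bot: The two `if (start >= end) goto fail;` guards, one before the return-address read in the `@@ -8439` hunk and one at the top of the `augmentation[0] == 'z'` block in the `@@ -8450` hunk, carry no comment saying which read each protects. Something like `/* Need at least one byte for the return address column.  */` on the first and `/* Augmentation data length must be present.  */` on the second would make the intent clear to the next person hardening this parser against truncated input. These guards are written as pointer comparisons while the first hunk uses the `(size_t) (end - start)` form; the comparison form also rejects a `start` that has already passed `end`, so using one form throughout would be easier to audit. The else branch of `version == 1` and the length validation that follows `augmentation_data = start;` are outside the visible lines.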