diff options
| author | Sandra Loosemore <sandra@codesourcery.com> | 2019-04-25 07:27:02 -0700 |
|---|---|---|
| committer | Sandra Loosemore <sandra@codesourcery.com> | 2019-04-25 07:27:02 -0700 |
| commit | 723adb650a31859d7cc45832cb8adca0206455ed (patch) | |
| tree | 7901cb38a9a47bfdf79e1165887414f8ca46f8c8 /ld | |
| parent | 68bb0359eec3093560929b8ad2b3f5d30e7a7e1d (diff) | |
| download | gdb-723adb650a31859d7cc45832cb8adca0206455ed.zip gdb-723adb650a31859d7cc45832cb8adca0206455ed.tar.gz gdb-723adb650a31859d7cc45832cb8adca0206455ed.tar.bz2 | |
Detect invalid length field in debug frame FDE header.
GDB was failing to catch cases where a corrupt ELF or core file
contained an invalid length value in a Dwarf debug frame FDE header.
It was checking for buffer overflow but not cases where the length was
negative or caused pointer wrap-around.
In addition to the additional validity check, this patch cleans up the
multiple signed/unsigned conversions on the length field so that an
unsigned representation is used consistently throughout.
This patch fixes CVE-2017-9778 and PR gdb/21600.
2019-04-25 Sandra Loosemore <sandra@codesourcery.com>
Kang Li <kanglictf@gmail.com>
PR gdb/21600
* dwarf2-frame.c (read_initial_length): Be consistent about using
unsigned representation of length.
(decode_frame_entry_1): Likewise. Check for wraparound of
end pointer as well as buffer overflow.
Diffstat (limited to 'ld')
0 files changed, 0 insertions, 0 deletions