diff options
-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/dwarf.c | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index a4de14c..333ad86 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2017-09-27 Nick Clifton <nickc@redhat.com> + + PR 22219 + * dwarf.c (process_debug_info): Add a check for a negative + cu_length field. + 2017-09-27 Alan Modra <amodra@gmail.com> PR 22216 diff --git a/binutils/dwarf.c b/binutils/dwarf.c index edc65aa..7ded1bf 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2591,7 +2591,7 @@ process_debug_info (struct dwarf_section *section, int level, last_level, saved_level; dwarf_vma cu_offset; unsigned int offset_size; - int initial_length_size; + unsigned int initial_length_size; dwarf_vma signature_high = 0; dwarf_vma signature_low = 0; dwarf_vma type_offset = 0; @@ -2739,6 +2739,15 @@ process_debug_info (struct dwarf_section *section, num_units = unit; break; } + else if (compunit.cu_length + initial_length_size < initial_length_size) + { + warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"), + dwarf_vmatoa ("x", cu_offset), + dwarf_vmatoa ("x", compunit.cu_length)); + num_units = unit; + break; + } + tags = hdrptr; start += compunit.cu_length + initial_length_size; |