objdump buffer overflow in fetch_indexed_string

PR 30361
	* dwarf.c (fetch_indexed_string): Sanity check string index.
Alan Modra 2023-04-18 10:20:08 +09:30
parent a0fc6845a9
commit 34d63622f6


@ -659,14 +659,13 @@ fetch_indexed_string (uint64_t idx,
return (dwo ? _("<no .debug_str.dwo section>")
: _("<no .debug_str section>"));
index_offset = idx * offset_size;
if (this_set != NULL)
index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS];
index_offset += str_offsets_base;
if (index_offset + offset_size > index_section->size)
if (_mul_overflow (idx, offset_size, &index_offset)
|| (this_set != NULL
&& ((index_offset += this_set->section_offsets [DW_SECT_STR_OFFSETS])
< this_set->section_offsets [DW_SECT_STR_OFFSETS]))
|| (index_offset += str_offsets_base) < str_offsets_base
|| index_offset + offset_size < offset_size
|| index_offset + offset_size > index_section->size)
{
warn (_("string index of %" PRIu64 " converts to an offset of %#" PRIx64
" which is too big for section %s"),
@ -675,11 +674,6 @@ fetch_indexed_string (uint64_t idx,
return _("<string index too big>");
}
/* FIXME: If we are being paranoid then we should also check to see if
IDX references an entry beyond the end of the string table pointed to
by STR_OFFSETS_BASE. (Since there can be more than one string table
in a DWARF string section). */
str_offset = byte_get (index_section->start + index_offset, offset_size);
str_offset -= str_section->address;