Fix potential integer overflow when reading corrupt dwarf1 debug information.

PR 22894
	* dwarf1.c (parse_die): Check the length of form blocks before
	advancing the data pointer.
Nick Clifton 2018-02-28 10:13:54 +00:00
parent 0d329c0a83
commit eef104664e
2 changed files with 21 additions and 2 deletions


@ -1,3 +1,9 @@
2018-02-28 Nick Clifton <nickc@redhat.com>
PR 22894
* dwarf1.c (parse_die): Check the length of form blocks before
advancing the data pointer.
2018-02-28 Alan Modra <amodra@gmail.com>
PR 22887


@ -213,6 +213,7 @@ parse_die (bfd * abfd,
/* Then the attributes. */
while (xptr + 2 <= aDiePtrEnd)
{
unsigned int block_len;
unsigned short attr;
/* Parse the attribute based on its form. This section
@ -255,12 +256,24 @@ parse_die (bfd * abfd,
break;
case FORM_BLOCK2:
if (xptr + 2 <= aDiePtrEnd)
xptr += bfd_get_16 (abfd, xptr);
{
block_len = bfd_get_16 (abfd, xptr);
if (xptr + block_len > aDiePtrEnd
|| xptr + block_len < xptr)
return FALSE;
xptr += block_len;
}
xptr += 2;
break;
case FORM_BLOCK4:
if (xptr + 4 <= aDiePtrEnd)
xptr += bfd_get_32 (abfd, xptr);
{
block_len = bfd_get_32 (abfd, xptr);
if (xptr + block_len > aDiePtrEnd
|| xptr + block_len < xptr)
return FALSE;
xptr += block_len;
}
xptr += 4;
break;
case FORM_STRING:
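Review bot: The bound check added in the FORM_BLOCK2 arm measures `xptr + block_len` against aDiePtrEnd while xptr still points at the two-byte length field, so after the trailing `xptr += 2` the pointer can end up two bytes past aDiePtrEnd (four in the FORM_BLOCK4 arm); the loop's `while (xptr + 2 <= aDiePtrEnd)` test appears to stop further reads, but the overshoot is still a pointer outside the buffer. The wrap test `xptr + block_len < xptr` relies on pointer arithmetic that has already left the object, which is undefined behaviour in C and a compiler may drop it. Both are avoided by comparing against the byte count that remains, e.g. `block_len = bfd_get_16 (abfd, xptr);` / `if (block_len > (size_t) (aDiePtrEnd - xptr) - 2) return FALSE;` / `xptr += 2 + block_len;`, and the same with 4 in place of 2 for FORM_BLOCK4; the subtraction cannot underflow because the enclosing `if (xptr + 2 <= aDiePtrEnd)` already guarantees that many bytes. parse_die and its attribute loop start and continue outside this hunk.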