Fix illegal memory access whilst parsing corrupt DWARF debug information.
authorNick Clifton <nickc@redhat.com>
Thu, 2 Dec 2021 17:48:20 +0000 (17:48 +0000)
committerNick Clifton <nickc@redhat.com>
Thu, 2 Dec 2021 17:48:20 +0000 (17:48 +0000)
PR 28645
* dwarf.c (process_cu_tu_index): Add test for overrunning section
whilst processing slots.

binutils/ChangeLog
binutils/dwarf.c

index c826243d299bcc77a2d45bb58db2906b37da7f62..215a3d5c2f0a9965d19f04e7c62706789331cd8c 100644 (file)
@@ -1,3 +1,9 @@
+2021-12-02  Nick Clifton  <nickc@redhat.com>
+
+       PR 28645
+       * dwarf.c (process_cu_tu_index): Add test for overruning section
+       whilst processing slots.
+
 2021-11-30  Roland McGrath  <mcgrathr@google.com>
 
        * doc/local.mk: Give each man page target its missing dependency on
index 6f2a49b48c2108b48b16f50b518dd74ef9d33698..6497e541063d0237bdcb3008531522626dd88fb6 100644 (file)
@@ -10465,7 +10465,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
         Check for integer overflow (can occur when size_t is 32-bit)
         with overlarge ncols or nused values.  */
       if (nused == -1u
-         || _mul_overflow ((size_t) ncols, 4, &temp)
+         || _mul_overflow ((size_t) ncols, 4, &temp)     
          || _mul_overflow ((size_t) nused + 1, temp, &total)
          || total > (size_t) (limit - ppool))
        {
@@ -10473,7 +10473,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
                section->name);
          return 0;
        }
-
+      
       if (do_display)
        {
          printf (_("  Offset table\n"));
@@ -10596,7 +10596,21 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
              for (j = 0; j < ncols; j++)
                {
                  unsigned char *p = prow + j * 4;
+
+                 /* PR 28645: Check for overflow.  Since we do not know how
+                    many populated rows there will be, we cannot just
+                    perform a single check at the start of this function.  */
+                 if (p > (limit - 4))
+                   {
+                     if (do_display)
+                       printf ("\n");
+                     warn (_("Too many rows/columns in DWARF index section %s\n"),
+                           section->name);
+                     return 0;
+                   }
+
                  SAFE_BYTE_GET (val, p, 4, limit);
+
                  if (do_display)
                    printf (" %8d", val);
                  else
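Review bot: The new guard `if (p > (limit - 4))` runs only after `p = prow + j * 4` has been formed, so when the row comes from corrupt data the out-of-range pointer is computed before it is tested. That is undefined behaviour, and on a 32-bit host the pointer could wrap and pass the comparison. A length-based test placed before `p` is initialised avoids forming the pointer at all, e.g. `if (prow > limit || (size_t) (limit - prow) < ((size_t) j + 1) * 4)`. How `prow` is derived lies outside this hunk, so this assumes it is not already bounded against `limit` earlier in process_cu_tu_index. Any later loop in the function that walks rows the same way (presumably the size table, not visible here) would need the same guard.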