PR28862, heap-buffer-overflow in parse_stab_string

I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.

	PR 28862
	* stabs.c (parse_stab_string): Don't overrun buffer when parsing
	'Y' stab.

diff --git a/binutils/stabs.c b/binutils/stabs.c
index 1e78c0d17694fc5fded2bc812e3f9952d95499a8..2b5241637c101d90aaab0ffc1f4fe79ad9f2c66c 100644 (file)
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
     case 'Y':
       /* SUNPro C++ Namespace =Yn0.  */
       /* Skip the namespace mapping, as it is not used now.  */
-      if (*(++p) == 'n' && *(++p) == '0')
+      if (*p++ != 0 && *p++ == 'n' && *p++ == '0')
        {
          /* =Yn0name; */
-         while (*p != ';')
+         while (*p && *p != ';')
            ++p;
-         ++p;
-         return true;
+         if (*p)
+           return true;
        }
       /* TODO SUNPro C++ support:
          Support default arguments after F,P parameters