projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b3abceb)
asan: heap buffer overflow in dwarf2_directive_filename
authorAlan Modra <amodra@gmail.com>
Wed, 1 Jun 2022 08:14:41 +0000 (17:44 +0930)
committerAlan Modra <amodra@gmail.com>
Thu, 2 Jun 2022 06:24:14 +0000 (15:54 +0930)
Seen with .file 4294967289 "xxx.c"

* dwarf2dbg.c (assign_file_to_slot): Catch more cases of integer
overflow.  Make param i an unsigned int.

gas/dwarf2dbg.c patch | blob | history

diff --git a/gas/dwarf2dbg.c b/gas/dwarf2dbg.c
index 185d57c253fde2c3b00f08e58be5c9a0993e38bf..b4b252970c16507527fd82f94cac56ee6e464f13 100644 (file)
--- a/gas/dwarf2dbg.c
+++ b/gas/dwarf2dbg.c
@@ -679,7 +679,7 @@ get_directory_table_entry (const char *dirname,
 }
 
 static bool
-assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
+assign_file_to_slot (unsigned int i, const char *file, unsigned int dir)
 {
   if (i >= files_allocated)
     {
@@ -687,9 +687,11 @@ assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
 
       files_allocated = i + 32;
       /* Catch wraparound.  */
-      if (files_allocated <= old)
+      if (files_allocated < old
+         || files_allocated < i
+         || files_allocated > UINT_MAX / sizeof (struct file_entry))
        {
-         as_bad (_("file number %lu is too big"), (unsigned long) i);
+         as_bad (_("file number %u is too big"), i);
          return false;
        }