objdump: file name table entry count check

Fuzzers have found that objdump -W takes a really long time if
the entry count uleb is ridiculously large, and format attributes
don't consume data (which doesn't make sense for a table of names).

	* dwarf.c (display_formatted_table): Sanity check count of
	table entries.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 4f695bf2bcac467963242be2d8ce05e7163ce9bf..3ebc45ae373b73c88741d8e3b7830991385630e5 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4313,10 +4313,10 @@ display_formatted_table (unsigned char *data,
       printf (_("\n The %s is empty.\n"), table_name);
       return data;
     }
-  else if (data >= end)
+  else if (data >= end
+          || data_count > (size_t) (end - data))
     {
-      warn (_("%s: Corrupt entry count - expected %#" PRIx64
-             " but none found\n"), table_name, data_count);
+      warn (_("%s: Corrupt entry count %#" PRIx64 "\n"), table_name, data_count);
       return data;
     }