Add check to keep from segfaulting on a corrupt .debug_pubnames section.
authorCary Coutant <ccoutant@google.com>
Mon, 9 Jun 2014 21:55:02 +0000 (14:55 -0700)
committerCary Coutant <ccoutant@google.com>
Mon, 9 Jun 2014 21:55:02 +0000 (14:55 -0700)
gold/
* dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that
unit_length is within section bounds.

gold/ChangeLog
gold/dwarf_reader.cc

index 59661a0b759dbfa44c5e28fa283008176c2cf499..151fcde02726396862f586bb15d772f5f27a00dd 100644 (file)
@@ -1,3 +1,8 @@
+2014-06-09  Cary Coutant  <ccoutant@google.com>
+
+       * dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that
+       unit_length is within section bounds.
+
 2014-06-09  Cary Coutant  <ccoutant@google.com>
 
        PR gold/16980
index df14bd5ad3e53107a5bf725ec7ab11a8312eb58b..30aea10f5c7591d1fb9ac73a8409f4252d6bea3e 100644 (file)
@@ -580,6 +580,12 @@ Dwarf_pubnames_table::read_header(off_t offset)
     }
   this->end_of_table_ = pinfo + unit_length;
 
+  // If unit_length is too big, maybe we should reject the whole table,
+  // but in cases we know about, it seems OK to assume that the table
+  // is valid through the actual end of the section.
+  if (this->end_of_table_ > this->buffer_end_)
+    this->end_of_table_ = this->buffer_end_;
+
   // Check the version.
   unsigned int version = this->dwinfo_->read_from_pointer<16>(pinfo);
   pinfo += 2;
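Review bot: The added clamp tests `end_of_table_` only after it has been formed as `pinfo + unit_length` on the line above the new comment, so a corrupt length large enough to wrap the pointer can produce a value below `buffer_end_` and slip past the check; forming a pointer beyond the buffer is undefined behaviour in any case. Comparing the length with the remaining bytes before the addition closes that gap: `this->end_of_table_ = (unit_length > static_cast<uint64_t>(this->buffer_end_ - pinfo)) ? this->buffer_end_ : pinfo + unit_length;`. This assumes unit_length is an unsigned integer declared above the hunk and that pinfo is still inside the buffer at this point. The version read that follows also takes two bytes from pinfo with no visible check that two bytes remain before `end_of_table_`. read_header's body starts and ends outside the hunk, so an earlier guard may already cover part of this.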