PR27861, Infinite loop in dwarf.c:7507-7526

author Alan Modra <amodra@gmail.com>

Thu, 13 May 2021 13:16:36 +0000 (22:46 +0930)

committer Alan Modra <amodra@gmail.com>

Thu, 13 May 2021 13:19:17 +0000 (22:49 +0930)
author Alan Modra <amodra@gmail.com>
Thu, 13 May 2021 13:16:36 +0000 (22:46 +0930)
committer Alan Modra <amodra@gmail.com>
Thu, 13 May 2021 13:19:17 +0000 (22:49 +0930)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index 335c7d02fa81593bd99eae053039a7d5409677d3..85d21ebfa6b2e5fb90100ac7475b021eedbb815d 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-13  Alan Modra  <amodra@gmail.com>
+
+       PR 27861
+       * dwarf.c (display_debug_str_offsets): Sanity check dwarf5
+       header length.
+
  2021-05-13  Alan Modra  <amodra@gmail.com>
  
         PR 27860
diff --git a/binutils/dwarf.c b/binutils/dwarf.c

index 20bd92657b319dae14889697af3762d49e57ea29..b22d33c43dd3c4612bdb7f6a498ee7be56ff7407 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7487,7 +7487,14 @@ display_debug_str_offsets (struct dwarf_section *section,
         }
        else
         {
-         entries_end = curr + length;
+         if (length <= (dwarf_vma) (end - curr))
+           entries_end = curr + length;
+         else
+           {
+             warn (_("Section %s is too small %#lx\n"),
+                   section->name, (unsigned long) section->size);
+             entries_end = end;
+           }
  
           int version;
           SAFE_BYTE_GET_AND_INC (version, curr, 2, end);
author	Alan Modra <amodra@gmail.com>
	Thu, 13 May 2021 13:16:36 +0000 (22:46 +0930)
committer	Alan Modra <amodra@gmail.com>
	Thu, 13 May 2021 13:19:17 +0000 (22:49 +0930)
binutils/ChangeLog		patch \| blob \| history
binutils/dwarf.c		patch \| blob \| history