Prevent a buffer overrun when parsing corrupt STABS debug information.

	PR 22957
	* stabs.c (pop_binincl): Fail if the file index is off the end of
	the stack.

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index aab8cf6cb894bb01ee6dd4249bf497ed7480c6a3..233d5cb998a8f7fc8c22951560a327a0c980102b 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2018-03-13  Nick Clifton  <nickc@redhat.com>
+
+       PR 22957
+       * stabs.c (pop_binincl): Fail if the file index is off the end of
+       the stack.
+
 2018-03-13  Nick Clifton  <nickc@redhat.com>
 
        PR 22955
@@ -19,6 +25,7 @@
        (parse_stab_members): Likewise.
        (parse_stab_tilde_field): Likewise.
        (parse_stab_array_type): Likewise.
+
        * parse_stab: Compute the end of the string and then pass it on to
        individual parser functions.
 

diff --git a/binutils/stabs.c b/binutils/stabs.c
index 807ca1e3c4ab2d59fb65043ae6c4340c3180db50..bf536075607889ae97f967b2919f0dab5018c9a6 100644 (file)
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -449,7 +449,6 @@ parse_stab (void *dhandle, void *handle, int type, int desc, bfd_vma value,
       info->file_types = ((struct stab_types **)
                          xmalloc (sizeof *info->file_types));
       info->file_types[0] = NULL;
-
       info->so_string = NULL;
 
       /* Now process whatever type we just got.  */
@@ -3326,6 +3325,9 @@ pop_bincl (struct stab_handle *info)
     return info->main_filename;
   info->bincl_stack = o->next_stack;
 
+  if (o->file >= info->files)
+    return info->main_filename;
+
   o->file_types = info->file_types[o->file];
 
   if (info->bincl_stack == NULL)