uvalue = 0;
block_start = end;
}
+ /* FIXME: Testing "(block_start + uvalue) < block_start" miscompiles with
+ gcc 4.8.3 running on an x86_64 host in 32-bit mode. So we pre-compute
+ block_start + uvalue here. */
+ data = block_start + uvalue;
/* PR 17512: file: 008-103549-0.001:0.1. */
- if (block_start + uvalue > end)
+ if (block_start + uvalue > end || data < block_start)
{
warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
uvalue = end - block_start;
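Review bot: The added `data < block_start` test only detects wrap-around after `block_start + uvalue` has already been computed, and forming a pointer outside the buffer is undefined behaviour in C, so an optimiser is entitled to drop the comparison. The miscompile described in the FIXME is probably a symptom of that rather than a gcc 4.8.3 fault. Comparing lengths avoids the pointer arithmetic entirely: `if (uvalue > (size_t) (end - block_start))`, which is valid provided block_start never exceeds end at this point (the preceding block appears to clamp it, but its start lies outside the hunk). The same pattern is repeated in the three following block-length hunks and in the later `... < constant_pool` and `shndx_list < ppool` checks. The enclosing function starts and ends outside the hunk.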
uvalue = 0;
block_start = end;
}
- if (block_start + uvalue > end)
+ data = block_start + uvalue;
+ if (block_start + uvalue > end || data < block_start)
{
warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
uvalue = end - block_start;
uvalue = 0;
block_start = end;
}
- if (block_start + uvalue > end)
+ data = block_start + uvalue;
+ if (block_start + uvalue > end || data < block_start)
{
warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
uvalue = end - block_start;
uvalue = 0;
block_start = end;
}
- if (block_start + uvalue > end)
+ data = block_start + uvalue;
+ if (block_start + uvalue > end
+ /* PR 17531: file: 5b5f0592. */
+ || data < block_start)
{
warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
uvalue = end - block_start;
uvalue += cu_offset;
if (uvalue >= section->size)
- warn (_("Offset %s used as value for DW_AT_import attribute of DIE at offset %lx is too big.\n"),
+ warn (_("Offset %s used as value for DW_AT_import attribute of DIE at offset 0x%lx is too big.\n"),
dwarf_vmatoa ("x", uvalue),
(unsigned long) (orig_data - section->start));
else
/* Negative values are illegal, they may even cause infinite
looping. This can happen if we can't accurately apply
- relocations to an object file. */
- if ((signed long) length <= 0)
+ relocations to an object file, or if the file is corrupt. */
+ if ((signed long) length <= 0 || section_begin < start)
{
warn (_("Corrupt unit length (0x%s) found in section %s\n"),
dwarf_vmatoa ("x", length), section->name);
printf ("\n");
fflush (stdout);
}
- warn (_("DIE at offset %lx refers to abbreviation number %lu which does not exist\n"),
+ warn (_("DIE at offset 0x%lx refers to abbreviation number %lu which does not exist\n"),
die_offset, abbrev_number);
return 0;
}
arg = debug_information + unit;
else
arg = NULL;
-
+
tags = read_and_display_attr (attr->attribute,
attr->form,
tags,
if (num_cus * 4 < num_cus
|| constant_pool + cu_vector_offset + 4 + num_cus * 4
- >= section->start + section->size)
+ >= section->start + section->size
+ || (constant_pool + cu_vector_offset + 4 + num_cus * 4) < constant_pool)
{
printf ("<invalid number of CUs: %d>\n", num_cus);
warn (_("Invalid number of CUs (0x%x) for symbol table slot %d\n"),
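Review bot: The new `... < constant_pool` clause is built on `num_cus * 4`, and the existing guard `num_cus * 4 < num_cus` does not catch every wrap of that product. Assuming num_cus is a 32-bit unsigned value, a constructed count such as 0x7fffffff wraps to 0xfffffffc, which is not less than num_cus, so the guard passes and the pointer sum is formed from a truncated size. Bounding the count against the bytes remaining in the section before multiplying removes the need for either wrap test, for example `if (bytes_left < 4 || num_cus > (bytes_left - 4) / 4)`, where bytes_left is a placeholder for the distance from the vector's position to `section->start + section->size`. The declaration of num_cus and the rest of the enclosing loop are outside the hunk, so the type should be confirmed.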
if (num_cus > 1)
printf ("\n");
+
for (j = 0; j < num_cus; ++j)
{
int is_static;
{
SAFE_BYTE_GET (j, pindex, 4, limit);
shndx_list = ppool + j * 4;
+ /* PR 17531: file: 705e010d. */
+ if (shndx_list < ppool)
+ {
+ warn (_("Section index pool located before start of section\n"));
+ return 0;
+ }
+
if (do_display)
printf (_(" [%3d] Signature: 0x%s Sections: "),
i, dwarf_vmatoa64 (signature_high, signature_low,