From: Alan Modra <amodra@gmail.com>
Date: Mon, 10 May 2021 00:26:43 +0000 (+0930)
Subject: Avoid possible pointer wrap
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=2d4b49864eba70606b1bee3d0a3e8414189dcd6d;p=binutils-gdb.git

Avoid possible pointer wrap

PTR supplied to these macros can be read from user input, END is an
end of buffer pointer.  It's safer to do arithmetic on END than on PTR.

	* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
	END rather than adding amount to PTR.
	(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
---

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 302629794c0..ae27252e982 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-10  Alan Modra  <amodra@gmail.com>
+
+	* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
+	END rather than adding amount to PTR.
+	(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
+
 2021-05-09  Alan Modra  <amodra@gmail.com>
 
 	* objcopy.c (eq_string): Delete.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index d93d9239684..c584f5b2a24 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -406,7 +406,7 @@ read_leb128 (unsigned char *data,
 		 amount, (int) sizeof (VAL));	\
 	  amount = sizeof (VAL);		\
 	}					\
-      if (((PTR) + amount) >= (END))		\
+      if ((PTR) >= (END) - amount)		\
 	{					\
 	  if ((PTR) < (END))			\
 	    amount = (END) - (PTR);		\
@@ -434,7 +434,7 @@ read_leb128 (unsigned char *data,
   do							\
     {							\
       unsigned int amount = (AMOUNT);			\
-      if (((PTR) + amount) >= (END))			\
+      if ((PTR) >= (END) - amount)			\
 	{						\
 	  if ((PTR) < (END))				\
 	    amount = (END) - (PTR);			\
@@ -460,7 +460,7 @@ read_leb128 (unsigned char *data,
 #define SAFE_BYTE_GET64(PTR, HIGH, LOW, END)		\
   do							\
     {							\
-      if (((PTR) + 8) <= (END))				\
+      if ((PTR) <= (END) - 8)				\
 	{						\
 	  byte_get_64 ((PTR), (HIGH), (LOW));		\
 	}						\