From: Alan Modra <amodra@gmail.com>
Date: Tue, 8 Feb 2022 09:51:01 +0000 (+1030)
Subject: PR28862, heap-buffer-overflow in parse_stab_string
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=481153777e278b71e694fd2db6b897f7a9e3dcb8;p=binutils-gdb.git

PR28862, heap-buffer-overflow in parse_stab_string

I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.

	PR 28862
	* stabs.c (parse_stab_string): Don't overrun buffer when parsing
	'Y' stab.
---

diff --git a/binutils/stabs.c b/binutils/stabs.c
index 1e78c0d1769..2b5241637c1 100644
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
     case 'Y':
       /* SUNPro C++ Namespace =Yn0.  */
       /* Skip the namespace mapping, as it is not used now.  */
-      if (*(++p) == 'n' && *(++p) == '0')
+      if (*p++ != 0 && *p++ == 'n' && *p++ == '0')
 	{
 	  /* =Yn0name; */
-	  while (*p != ';')
+	  while (*p && *p != ';')
 	    ++p;
-	  ++p;
-	  return true;
+	  if (*p)
+	    return true;
 	}
       /* TODO SUNPro C++ support:
          Support default arguments after F,P parameters