From: Alan Modra Date: Tue, 22 Aug 2023 02:11:37 +0000 (+0930) Subject: objdump: file name table entry count check X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=8032f75b2994816e87e9d2ab7c46ad86601c999b;p=binutils-gdb.git objdump: file name table entry count check Fuzzers have found that objdump -W takes a really long time if the entry count uleb is ridiculously large, and format attributes don't consume data (which doesn't make sense for a table of names). * dwarf.c (display_formatted_table): Sanity check count of table entries.
---
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 4f695bf2bca..3ebc45ae373 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4313,10 +4313,10 @@ display_formatted_table (unsigned char *data,
 printf (_("\n The %s is empty.\n"), table_name);
 return data;
 }
- else if (data >= end)
+ else if (data >= end
+ || data_count > (size_t) (end - data))
 {
- warn (_("%s: Corrupt entry count - expected %#" PRIx64
- " but none found\n"), table_name, data_count);
+ warn (_("%s: Corrupt entry count %#" PRIx64 "\n"), table_name, data_count);
 return data;
 }
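Review bot: The new bound `data_count > (size_t) (end - data)` rests on an unstated assumption that every table entry occupies at least one byte of the section; a comment above the `else if` such as `/* Each entry needs at least one byte, so a count above the remaining data is corrupt.  */` would keep a later reader from relaxing it. The rewritten warning now covers two different failures (no data left, and a count larger than the data left) with one message, so printing the remaining byte count next to `data_count` would make reports from malformed files easier to triage. The bound caps the entry count at the remaining section size rather than at a fixed limit, so with a large section and formats that consume no data the per-entry loop (outside this hunk, not visible here) may presumably still run for a long time; that is worth confirming against the fuzzer inputs. display_formatted_table starts and ends outside the hunk.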