From: Cary Coutant
Date: Mon, 9 Jun 2014 21:55:02 +0000 (-0700)
Subject: Add check to keep from segfaulting on a corrupt .debug_pubnames section.
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=9baa787b14d9a92067ecb1731407c5abe37d7c3c;p=binutils-gdb.git
Add check to keep from segfaulting on a corrupt .debug_pubnames section.
gold/
* dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that unit_length is within section bounds.
---
diff --git a/gold/ChangeLog b/gold/ChangeLog
index 59661a0b759..151fcde0272 100644
--- a/gold/ChangeLog
+++ b/gold/ChangeLog
@@ -1,3 +1,8 @@
+2014-06-09 Cary Coutant
+
+ * dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that
+ unit_length is within section bounds.
+
 2014-06-09 Cary Coutant

 PR gold/16980
diff --git a/gold/dwarf_reader.cc b/gold/dwarf_reader.cc
index df14bd5ad3e..30aea10f5c7 100644
--- a/gold/dwarf_reader.cc
+++ b/gold/dwarf_reader.cc
@@ -580,6 +580,12 @@ Dwarf_pubnames_table::read_header(off_t offset)
 }
 this->end_of_table_ = pinfo + unit_length;

+ // If unit_length is too big, maybe we should reject the whole table,
+ // but in cases we know about, it seems OK to assume that the table
+ // is valid through the actual end of the section.
+ if (this->end_of_table_ > this->buffer_end_)
+ this->end_of_table_ = this->buffer_end_;
+
 // Check the version.
 unsigned int version = this->dwinfo_->read_from_pointer<16>(pinfo);
 pinfo += 2;
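Review bot: The clamp in the new `if` runs only after `pinfo + unit_length` has already been formed, so a corrupt `unit_length` large enough to wrap the pointer (more easily on a 32-bit host) could leave `end_of_table_` below `buffer_end_`, or even below `pinfo`, and pass the check; forming a pointer past the end of the buffer is also undefined behaviour. Comparing the length with the bytes remaining before the addition avoids both, e.g. `if (unit_length > static_cast<uint64_t>(this->buffer_end_ - pinfo)) this->end_of_table_ = this->buffer_end_;` with the existing assignment moved to the `else` branch (the type of `unit_length` is declared outside the hunk, so the cast may need adjusting). The version read that follows still assumes the rest of the header lies before the clamped end; whether that is checked elsewhere is not visible here, since read_header begins and ends outside the hunk. A `gold_warning` at the point where the table is truncated would also make the corrupt input visible instead of silently accepted.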