From 05787bad362024d1328c0d6f7c51244a7d6c1e75 Mon Sep 17 00:00:00 2001
From: Simon Marchi
Date: Tue, 2 Feb 2021 10:40:51 -0500
Subject: [PATCH] gdb/dwarf: add missing bound check to read_loclist_index

read_rnglist_index has a bound check to make sure that we don't go past the end of the section while reading the offset, but read_loclist_index doesn't. Add it to read_loclist_index.

gdb/ChangeLog:

	* dwarf2/read.c (read_loclist_index): Add bound check for the end of the offset.

Change-Id: Ic4b55c88860fdc3e007740949c78ec84cdb4da60
---
 gdb/ChangeLog | 5 +++++
 gdb/dwarf2/read.c | 17 +++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index c71492d7a33..8dd3147d3f1 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2021-02-02 Simon Marchi
+
+	* dwarf2/read.c (read_loclist_index): Add bound check for the end
+	of the offset.
+
 2021-02-02 Simon Marchi
 
 	* dwarf2/read.c (read_rnglist_index): Fix bound check.
diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c
index 9a71329c990..8d1edc29113 100644
--- a/gdb/dwarf2/read.c
+++ b/gdb/dwarf2/read.c
@@ -20214,6 +20214,11 @@ read_loclist_index (struct dwarf2_cu *cu, ULONGEST loclist_index)
   struct objfile *objfile = per_objfile->objfile;
   bfd *abfd = objfile->obfd;
   ULONGEST loclist_base = lookup_loclist_base (cu);
+
+  /* Offset in .debug_loclists of the offset for LOCLIST_INDEX. */
+  ULONGEST start_offset =
+    loclist_base + loclist_index * cu->header.offset_size;
+
   struct dwarf2_section_info *section = cu_debug_loc_section (cu);
   section->read (objfile);
 
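Review bot: The new `loclist_base + loclist_index * cu->header.offset_size` line can wrap, because loclist_index is a ULONGEST taken from the DW_FORM_loclistx attribute of the object being read and nothing visible in this hunk bounds it before the multiplication; a wrapped product is small, passes both `section->size` comparisons in the following hunk, and makes the function silently read an unrelated slot of the offset array instead of rejecting the attribute. Whether a caller limits the index earlier is not visible here, so this may already be covered. A division-form check placed after `section->read (objfile)` (section is only declared below start_offset) avoids the wrap: `if (loclist_base >= section->size || loclist_index >= (section->size - loclist_base) / cu->header.offset_size) error (...)`, with the same DW_FORM_loclistx message the function already uses. read_loclist_index begins before this hunk and its body continues after it.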
@@ -20228,14 +20233,18 @@ read_loclist_index (struct dwarf2_cu *cu, ULONGEST loclist_index)
 	   ".debug_loclists offset array [in module %s]"),
 	   objfile_name (objfile));
-  if (loclist_base + loclist_index * cu->header.offset_size
-      >= section->size)
+  if (start_offset >= section->size)
     error (_("DW_FORM_loclistx pointing outside of "
 	     ".debug_loclists section [in module %s]"),
 	   objfile_name (objfile));
-  const gdb_byte *info_ptr
-    = section->buffer + loclist_base + loclist_index * cu->header.offset_size;
+  /* Validate that reading won't go beyond the end of the section. */
+  if (start_offset + cu->header.offset_size > section->size)
+    error (_("Reading DW_FORM_loclistx index beyond end of"
+	     ".debug_loclists section [in module %s]"),
+	   objfile_name (objfile));
+
+  const gdb_byte *info_ptr = section->buffer + start_offset;
   if (cu->header.offset_size == 4)
     return bfd_get_32 (abfd, info_ptr) + loclist_base;
-- 
2.30.2
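Review bot: The first literal of the newly added error, `"Reading DW_FORM_loclistx index beyond end of"`, has no trailing space, so after adjacent-literal concatenation the user sees "beyond end of.debug_loclists section"; the sibling message just above keeps its trailing space in `"DW_FORM_loclistx pointing outside of "`. Change the line to `error (_("Reading DW_FORM_loclistx index beyond end of "`. As a point of style, the retained `start_offset >= section->size` check is now implied by the new `start_offset + cu->header.offset_size > section->size` check (offset_size is never zero on the paths visible here), so the two could be merged into the single stronger check with one message. read_loclist_index continues past the end of this hunk.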