From 6f87d3fd27417e5adb2aa6f106a614296425df57 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Wed, 1 Jun 2022 17:44:41 +0930 Subject: [PATCH] asan: heap buffer overflow in dwarf2_directive_filename Seen with .file 4294967289 "xxx.c" * dwarf2dbg.c (assign_file_to_slot): Catch more cases of integer overflow. Make param i an unsigned int. --- gas/dwarf2dbg.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/gas/dwarf2dbg.c b/gas/dwarf2dbg.c index 185d57c253f..b4b252970c1 100644 --- a/gas/dwarf2dbg.c +++ b/gas/dwarf2dbg.c @@ -679,7 +679,7 @@ get_directory_table_entry (const char *dirname, } static bool -assign_file_to_slot (unsigned long i, const char *file, unsigned int dir) +assign_file_to_slot (unsigned int i, const char *file, unsigned int dir) { if (i >= files_allocated) { @@ -687,9 +687,11 @@ assign_file_to_slot (unsigned long i, const char *file, unsigned int dir) files_allocated = i + 32; /* Catch wraparound. */ - if (files_allocated <= old) + if (files_allocated < old + || files_allocated < i + || files_allocated > UINT_MAX / sizeof (struct file_entry)) { - as_bad (_("file number %lu is too big"), (unsigned long) i); + as_bad (_("file number %u is too big"), i); return false; } -- 2.30.2