From 7848009791cd1598f8c19ab52ccd25a78bc0c789 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Sat, 15 May 2021 15:10:44 +0930
Subject: [PATCH] display_loc_list

 * dwarf.c (display_loc_list): Avoid pointer UB. Correct check
 before reading uleb length. Warn on excess length.
---
 binutils/ChangeLog | 5 +++++
 binutils/dwarf.c | 20 +++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 1926afbdcf7..9301a80e90f 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2021-05-15 Alan Modra
+
+ * dwarf.c (display_loc_list): Avoid pointer UB. Correct check
+ before reading uleb length. Warn on excess length.
+
 2021-05-15 Alan Modra
 
 * dwarf.c (display_debug_macro): Print strings that might not
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 68732cf491b..4d29591faa6 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6355,7 +6355,7 @@ display_loc_list (struct dwarf_section *section,
 dwarf_vma off = offset + (start - *start_ptr);
 dwarf_vma vbegin = vm1, vend = vm1;
 
- if (start + 2 * pointer_size > section_end)
+ if (2 * pointer_size > (size_t) (section_end - start))
 {
 warn (_("Location list starting at offset 0x%lx is not terminated.\n"),
 (unsigned long) offset);
@@ -6408,7 +6408,7 @@ display_loc_list (struct dwarf_section *section,
 (unsigned long) off, 8, "");
 }
 
- if (start + 2 > section_end)
+ if (2 > (size_t) (section_end - start))
 {
 warn (_("Location list starting at offset 0x%lx is not terminated.\n"),
 (unsigned long) offset);
@@ -6417,7 +6417,7 @@ display_loc_list (struct dwarf_section *section,
 
 SAFE_BYTE_GET_AND_INC (length, start, 2, section_end);
 
- if (start + length > section_end)
+ if (length > (size_t) (section_end - start))
 {
 warn (_("Location list starting at offset 0x%lx is not terminated.\n"),
 (unsigned long) offset);
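Review bot: The rewritten guard `if (2 * pointer_size > (size_t) (section_end - start))` in the first dwarf.c hunk is only sound while `start <= section_end` holds: if `start` ever overshot, the pointer difference would be negative, the `(size_t)` cast would turn it into a huge value, and the check would pass silently instead of warning. Nothing in this hunk advances `start` unchecked and the later hunks test the remaining bytes before each read, so the invariant presumably holds, but it has now become load-bearing for every bounds check in the function and is not written down anywhere. A one-line comment at the top of the loop body would pin it, e.g. `/* START never passes SECTION_END: every advance below is bounds-checked first, so the pointer difference is non-negative.  */`. display_loc_list begins before this hunk and continues after it.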
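Review bot: The new condition `if (2 > (size_t) (section_end - start))` in the second dwarf.c hunk puts the constant first, which reads as "two is greater than the bytes left" and hides the intent (fewer than two bytes remain for the 2-byte length field) behind an inverted comparison, whereas the neighbouring `length > (size_t) (section_end - start)` reads naturally. `if ((size_t) (section_end - start) < 2)` says the same thing in the order a reader expects. The same constant-first form appears again in the display_loc_list_dwo hunk further down. display_loc_list continues outside this hunk.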
@@ -6579,15 +6579,21 @@ display_loclists_list (struct dwarf_section *section, && llet != DW_LLE_start_length) continue; - if (start + 2 > section_end) + if (start == section_end) { warn (_("Location list starting at offset 0x%lx is not terminated.\n"), (unsigned long) offset); break; } - READ_ULEB (length, start, section_end); + if (length > (size_t) (section_end - start)) + { + warn (_("Location list starting at offset 0x%lx is not terminated.\n"), + (unsigned long) offset); + break; + } + print_dwarf_vma (begin, pointer_size); print_dwarf_vma (end, pointer_size); @@ -6751,7 +6757,7 @@ display_loc_list_dwo (struct dwarf_section *section, return; } - if (start + 2 > section_end) + if (2 > (size_t) (section_end - start)) { warn (_("Location list starting at offset 0x%lx is not terminated.\n"), (unsigned long) offset); @@ -6759,7 +6765,7 @@ display_loc_list_dwo (struct dwarf_section *section, } SAFE_BYTE_GET_AND_INC (length, start, 2, section_end); - if (start + length > section_end) + if (length > (size_t) (section_end - start)) { warn (_("Location list starting at offset 0x%lx is not terminated.\n"), (unsigned long) offset); -- 2.30.2
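Review bot: The block added after `READ_ULEB (length, start, section_end)` in the display_loclists_list hunk reports an over-long location description with the same text as a missing end-of-list entry, `Location list starting at offset 0x%lx is not terminated.`, so someone triaging a malformed object cannot tell a truncated list from a corrupt length field. The commit message treats this as a separate case ("Warn on excess length"), and a distinct diagnostic would make that visible, e.g. `warn (_("Location list starting at offset 0x%lx has a location description that extends past the end of the section.\n"), (unsigned long) offset);`. Note also that the preceding `if (start == section_end)` only guarantees one byte is available; what READ_ULEB does when the ULEB itself is cut off by `section_end` is not visible in this hunk, so it is worth confirming that a truncated ULEB cannot yield a small `length` that slips past the new check. display_loclists_list begins before this hunk and continues after it.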
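Review bot: The explicit check `if (2 > (size_t) (section_end - start))` added in the first display_loc_list_dwo hunk has no comment explaining why it is needed when the very next statement, `SAFE_BYTE_GET_AND_INC (length, start, 2, section_end)`, receives the same bound and presumably guards the read on its own. The reason appears to be that the pre-check breaks out of the list with the "not terminated" diagnostic rather than relying on whatever the macro does on a short read, but that is an inference from the surrounding lines, not something the hunk states. A short comment above the check would settle it, e.g. `/* Check before SAFE_BYTE_GET_AND_INC so a truncated list gets the "not terminated" warning and we stop walking it.  */`. display_loc_list_dwo begins before this hunk and its body continues past it.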