From 8032f75b2994816e87e9d2ab7c46ad86601c999b Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Tue, 22 Aug 2023 11:41:37 +0930
Subject: [PATCH] objdump: file name table entry count check
Fuzzers have found that objdump -W takes a really long time if the entry count uleb is ridiculously large, and format attributes don't consume data (which doesn't make sense for a table of names).
* dwarf.c (display_formatted_table): Sanity check count of table entries.
---
 binutils/dwarf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 4f695bf2bca..3ebc45ae373 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4313,10 +4313,10 @@ display_formatted_table (unsigned char *data,
 printf (_("\n The %s is empty.\n"), table_name);
 return data;
 }
- else if (data >= end)
+ else if (data >= end
+ || data_count > (size_t) (end - data))
 {
- warn (_("%s: Corrupt entry count - expected %#" PRIx64
- " but none found\n"), table_name, data_count);
+ warn (_("%s: Corrupt entry count %#" PRIx64 "\n"), table_name, data_count);
 return data;
 }

-- 
2.30.2
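Review bot: The new bound `data_count > (size_t) (end - data)` carries no comment saying why the remaining byte count is a valid upper limit on the number of entries. It holds only if every entry consumes at least one byte, which is the assumption the commit message states. A comment above the condition such as `/* Each entry must occupy at least one byte, so the count cannot exceed the bytes left.  */` would stop a later reader from taking it for an exact size check. The merged warning also no longer distinguishes "no data left" from "count larger than the remaining data"; printing the remaining length next to the count would help when triaging malformed input. The body of display_formatted_table starts and ends outside the hunk.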