From b4951546078b869ce2f720561a2c59cfe2d005c9 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Sat, 15 May 2021 15:17:58 +0930 Subject: [PATCH] display_debug_ranges * dwarf.c (display_debug_ranges): Delete initial_length_size. Correct fallback size calculated on finding a reloc. Constrain data reads to length given in header. Avoid pointer UB. --- binutils/ChangeLog | 6 ++++++ binutils/dwarf.c | 16 ++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index db5ed0f4b54..9d646ed9870 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2021-05-15 Alan Modra + + * dwarf.c (display_debug_ranges): Delete initial_length_size. + Correct fallback size calculated on finding a reloc. Constrain + data reads to length given in header. Avoid pointer UB. + 2021-05-15 Alan Modra * dwarf.c (display_debug_rnglists_list): Avoid pointer UB. diff --git a/binutils/dwarf.c b/binutils/dwarf.c index c4b6edf8721..9243c853020 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -7691,7 +7691,6 @@ display_debug_ranges (struct dwarf_section *section, if (is_rnglists) { dwarf_vma initial_length; - unsigned int initial_length_size; unsigned char segment_selector_size; unsigned int offset_size, offset_entry_count; unsigned short version; @@ -7704,22 +7703,18 @@ display_debug_ranges (struct dwarf_section *section, /* This section is 64-bit DWARF 3. */ SAFE_BYTE_GET_AND_INC (initial_length, start, 8, finish); offset_size = 8; - initial_length_size = 12; } else - { - offset_size = 4; - initial_length_size = 4; - } + offset_size = 4; - if (initial_length + initial_length_size > section->size) + if (initial_length > (size_t) (finish - start)) { /* If the length field has a relocation against it, then we should not complain if it is inaccurate (and probably negative). It is copied from .debug_line handling code. */ if (reloc_at (section, (start - section->start) - offset_size)) { - initial_length = (finish - start) - initial_length_size; + initial_length = finish - start; } else { @@ -7728,6 +7723,7 @@ display_debug_ranges (struct dwarf_section *section, return 0; } } + finish = start + initial_length; /* Get and check the version number. */ SAFE_BYTE_GET_AND_INC (version, start, 2, finish); @@ -7833,7 +7829,6 @@ display_debug_ranges (struct dwarf_section *section, pointer_size = (is_rnglists ? address_size : debug_info_p->pointer_size); offset = range_entry->ranges_offset; - next = section_begin + offset; base_address = debug_info_p->base_address; /* PR 17512: file: 001-101485-0.001:0.1. */ @@ -7844,12 +7839,13 @@ display_debug_ranges (struct dwarf_section *section, continue; } - if (next < section_begin || next >= finish) + if (offset > (size_t) (finish - section_begin)) { warn (_("Corrupt offset (%#8.8lx) in range entry %u\n"), (unsigned long) offset, i); continue; } + next = section_begin + offset; /* If multiple DWARF entities reference the same range then we will have multiple entries in the `range_entries' list for the same -- 2.30.2