From b96a1bcb81078d6443666a59d6a91368ac03767f Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Thu, 13 May 2021 22:46:36 +0930 Subject: [PATCH] PR27861, Infinite loop in dwarf.c:7507-7526 PR 27861 * dwarf.c (display_debug_str_offsets): Sanity check dwarf5 header length. --- binutils/ChangeLog | 6 ++++++ binutils/dwarf.c | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 335c7d02fa8..85d21ebfa6b 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2021-05-13 Alan Modra + + PR 27861 + * dwarf.c (display_debug_str_offsets): Sanity check dwarf5 + header length. + 2021-05-13 Alan Modra PR 27860 diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 20bd92657b3..b22d33c43dd 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -7487,7 +7487,14 @@ display_debug_str_offsets (struct dwarf_section *section, } else { - entries_end = curr + length; + if (length <= (dwarf_vma) (end - curr)) + entries_end = curr + length; + else + { + warn (_("Section %s is too small %#lx\n"), + section->name, (unsigned long) section->size); + entries_end = end; + } int version; SAFE_BYTE_GET_AND_INC (version, curr, 2, end); -- 2.30.2