From d21f875d6768aa1e5b8e5442c7e60b03307b1949 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Thu, 13 May 2021 22:22:45 +0930 Subject: [PATCH] PR27860, Segmentation fault on readelf -w Well it didn't take long for the SAFE_BYTE_GET assert to trigger. PR 27860 * dwarf.c (display_debug_frames): Sanity check cie_off before attempting to read cie. --- binutils/ChangeLog | 6 ++++++ binutils/dwarf.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 9f3099fcd76..335c7d02fa8 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2021-05-13 Alan Modra + + PR 27860 + * dwarf.c (display_debug_frames): Sanity check cie_off before + attempting to read cie. + 2021-05-12 Alan Modra * dwarf.c (process_extended_line_op): Don't bump data pointer past diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 56983e1c799..20bd92657b3 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -8708,6 +8708,8 @@ display_debug_frames (struct dwarf_section *section, if (cie->chunk_start == look_for) break; } + else if (cie_off >= section->size) + cie = NULL; else { for (cie = forward_refs; cie ; cie = cie->next) -- 2.30.2
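
Review bot: In the binutils/dwarf.c hunk, the new `else if (cie_off >= section->size)` test only rejects a CIE offset that starts at or past the end of the section. An offset a few bytes short of `section->size` still falls through to the `else` branch, so please confirm that the read on that path also bounds the CIE header against the section end. The branch also sets `cie = NULL` with no comment and no diagnostic. A one-line comment saying that an out-of-range `cie_off` indicates malformed input would help, as would a warning to the user. It is also worth confirming that the code following this chain handles `cie == NULL`.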