From d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8 Mon Sep 17 00:00:00 2001
From: Tom Tromey
Date: Fri, 19 Nov 2010 16:35:13 +0000
Subject: [PATCH] 2010-11-19 Will Drewry Tavis Ormandy Jan Kratochvil * dwarf2read.c (decode_locdesc): Enforce location description stack boundaries.
---
 gdb/ChangeLog | 7 +++++++
 gdb/dwarf2read.c | 20 ++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 526c1828613..6997f0d4492 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,10 @@
+2010-11-19 Will Drewry
+ Tavis Ormandy
+ Jan Kratochvil
+
+ * dwarf2read.c (decode_locdesc): Enforce location description stack
+ boundaries.
+
 2010-11-18 Pierre Muller
 * arm-tdep.c (arm_in_function_epilogue_p): Fix code when "MOV SP"
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 33ebea8389e..7ad8037d4ea 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -13279,8 +13279,7 @@ read_signatured_type (struct objfile *objfile,
 callers will only want a very basic result and this can become a
 complaint.
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled. */
+ Note that stack[0] is unused except as a default error return. */
 static CORE_ADDR
 decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -13297,6 +13296,7 @@ decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
 i = 0;
 stacki = 0;
 stack[stacki] = 0;
+ stack[++stacki] = 0;
 while (i < size)
 {
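Review bot: The added `stack[++stacki] = 0;` leaves `stacki` at 1 before the loop, but nothing at this point says why the walk no longer starts at index 0, and the surviving header comment still only calls `stack[0]` a "default error return". The reason is visible further down in the patch, where the per-iteration `stacki <= 0` underflow test relies on index 0 being a slot that is never a legitimate top of stack, so I would document it right here: `/* Start at index 1: stack[0] is a sentinel that absorbs one excess pop before the underflow check fires.  */`. The dropped "stack overflow is not yet handled" sentence could also be replaced by one stating that depth is now checked once per opcode, since the header is the first thing a reader sees. The body of `decode_locdesc` continues outside this hunk.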
@@ -13478,6 +13478,22 @@ decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
 dwarf_stack_op_name (op, 1));
 return (stack[stacki]);
 }
+
+ /* Enforce maximum stack depth of SIZE-1 to avoid writing
+ outside of the allocated space. Also enforce minimum>0. */
+ if (stacki >= ARRAY_SIZE (stack) - 1)
+ {
+ complaint (&symfile_complaints,
+ _("location description stack overflow"));
+ return 0;
+ }
+
+ if (stacki <= 0)
+ {
+ complaint (&symfile_complaints,
+ _("location description stack underflow"));
+ return 0;
+ }
 }
 return (stack[stacki]);
 }
-- 
2.30.2
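Review bot: The overflow test `if (stacki >= ARRAY_SIZE (stack) - 1)` compares the index against the unsigned `size_t` value of `ARRAY_SIZE`, so if `stacki` is a signed `int` (its declaration is outside this hunk) a negative index would be promoted to a huge unsigned value and diagnosed as an "overflow" instead of the underflow it actually is; running the `stacki <= 0` test first, or writing `(size_t) stacki >= ARRAY_SIZE (stack) - 1` after it, keeps the two complaints honest without changing what gets rejected. Both checks also run only after the opcode body has already indexed `stack[]` with the pre-check value, so the guard is sound only if no single opcode moves `stacki` by more than one slot in either direction: one push from `ARRAY_SIZE (stack) - 2` lands on the last element, one pop from 1 lands on the sentinel `stack[0]`. That invariant is what the comment should state rather than "SIZE-1", e.g. `/* Every opcode above moves STACKI by at most one, so one check per iteration, with stack[0] as a sentinel, keeps every access in bounds.  */`. The enclosing `while` loop and `decode_locdesc` itself begin outside this hunk.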