public inbox for binutils-cvs@sourceware.org
* [binutils-gdb] Fix a potential illegal memory access when parsing corrupt DWARF information.
@ 2022-12-16 12:07 Nick Clifton
  0 siblings, 0 replies; only message in thread
From: Nick Clifton @ 2022-12-16 12:07 UTC (permalink / raw)
  To: bfd-cvs

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa501b69309ccb03ec957101f24109ed7f737733

commit fa501b69309ccb03ec957101f24109ed7f737733
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Dec 16 12:06:43 2022 +0000

    Fix a potential illegal memory access when parsing corrupt DWARF information.
    
            PR 29908
            * dwarf.c (display_debug_addr): Check for corrupt header lengths.

Diff:
---
 binutils/ChangeLog |  5 +++++
 binutils/dwarf.c   | 21 ++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6ec81ebd099..16bddf73c07 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2022-12-16  Nick Clifton  <nickc@redhat.com>
+
+	PR 29908
+	* dwarf.c (display_debug_addr): Check for corrupt header lengths.
+
 2022-12-01  Nick Clifton  <nickc@redhat.com>
 
 	PR 25202
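Review bot: The ChangeLog entry describes only the header-length check, but the dwarf.c change also adds a second check, in the else branch of display_debug_addr, that rejects a next-entry address base lying below the current entry. Suggest wording the entry to cover both, for example "Check for corrupt header lengths and out-of-order address bases", so the log matches what the function now rejects.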
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 33ee41cb6c9..533f1183012 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7738,6 +7738,12 @@ display_debug_addr (struct dwarf_section *section,
 	      return 0;
 	    }
 	  end = curr_header + length;
+	  if (end < entry)
+	    {
+	      warn (_("Corrupt %s section header: length field (%lx) is too small\n"),
+		    section->name, length);
+	      return 0;
+	    }
 	  SAFE_BYTE_GET_AND_INC (version, curr_header, 2, entry);
 	  if (version != 5)
 	    warn (_("Corrupt %s section: expecting version number 5 in header but found %d instead\n"),
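Review bot: In this hunk the new test `if (end < entry)` runs only after `end = curr_header + length` has been formed, so a corrupt length is validated by comparing two pointers rather than two sizes. Comparing `length` against `(size_t) (entry - curr_header)` before the addition would state the same condition in integer terms and would read consistently with the `(size_t) (end - entry) >= address_size` loop test that this check protects. It is also worth confirming that `length` is an unsigned long, since it is passed to `%lx`; if it is a 64-bit type the argument needs a cast or a 64-bit format so the warning prints the right value on hosts where long is 32 bits.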
@@ -7748,9 +7754,22 @@ display_debug_addr (struct dwarf_section *section,
 	  address_size += segment_selector_size;
 	}
       else
-	end = section->start + debug_addr_info [i + 1]->addr_base;
+	{
+	  end = section->start + debug_addr_info [i + 1]->addr_base;
+
+	  if (end < entry)
+	    {
+	      warn (_("Corrupt %s section: address base of entry %u (%lx) is less than entry %u (%lx)\n"),
+		    section->name,
+		    i, debug_addr_info [i]->addr_base,
+		    i + 1, debug_addr_info [i + 1]->addr_base);
+	      return 0;
+	    }
+	}
+
       header = end;
       idx = 0;
+
       while ((size_t) (end - entry) >= address_size)
 	{
 	  uint64_t base = byte_get (entry, address_size);
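Review bot: The warning text in the new else-branch check reads inverted relative to the condition that triggers it. `end` is built from `debug_addr_info [i + 1]->addr_base`, and assuming `entry` corresponds to `debug_addr_info [i]->addr_base` (as the message arguments imply), `end < entry` fires when entry i + 1 has the smaller base, yet the message prints entry i first and says it "is less than" entry i + 1. Suggest either swapping the argument pairs so i + 1 comes first, or changing the wording to "is greater than". As with the header-length warning, confirm that `addr_base` matches `%lx` and that `i` matches `%u`, adding casts if the types differ.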
