* [binutils-gdb] Fix a potential illegal memory access when parsing corrupt DWARF information.
@ 2022-12-16 12:07 Nick Clifton
From: Nick Clifton @ 2022-12-16 12:07 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa501b69309ccb03ec957101f24109ed7f737733
commit fa501b69309ccb03ec957101f24109ed7f737733
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Dec 16 12:06:43 2022 +0000
Fix a potential illegal memory access when parsing corrupt DWARF information.
PR 29908
* dwarf.c (display_debug_addr): Check for corrupt header lengths.
Diff:
---
binutils/ChangeLog | 5 +++++
binutils/dwarf.c | 21 ++++++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6ec81ebd099..16bddf73c07 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2022-12-16 Nick Clifton <nickc@redhat.com>
+
+ PR 29908
+ * dwarf.c (display_debug_addr): Check for corrupt header lengths.
+
2022-12-01 Nick Clifton <nickc@redhat.com>
PR 25202
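Review bot: The new ChangeLog entry, "* dwarf.c (display_debug_addr): Check for corrupt header lengths.", covers only half of the change. The dwarf.c diff also adds a test that the address base of entry i + 1 is not below that of entry i, which is not a header length. Suggest extending the entry, for example "Check for corrupt header lengths and out of order address bases."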
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 33ee41cb6c9..533f1183012 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7738,6 +7738,12 @@ display_debug_addr (struct dwarf_section *section,
return 0;
}
end = curr_header + length;
+ if (end < entry)
+ {
+ warn (_("Corrupt %s section header: length field (%lx) is too small\n"),
+ section->name, length);
+ return 0;
+ }
SAFE_BYTE_GET_AND_INC (version, curr_header, 2, entry);
if (version != 5)
warn (_("Corrupt %s section: expecting version number 5 in header but found %d instead\n"),
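Review bot: The added test "if (end < entry)" runs only after "end = curr_header + length" has been computed, so a corrupt length has already gone into the pointer arithmetic before anything is validated. A value large enough to move end past the object or wrap it makes the comparison itself unreliable. Suggest comparing length against (size_t) (entry - curr_header) before forming end, so the check is done on integers. Separately, the warning prints length with %lx; the declaration of length is outside this hunk, so it is worth confirming that it is an unsigned long on every host, or casting it in the call.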
@@ -7748,9 +7754,22 @@ display_debug_addr (struct dwarf_section *section,
address_size += segment_selector_size;
}
else
- end = section->start + debug_addr_info [i + 1]->addr_base;
+ {
+ end = section->start + debug_addr_info [i + 1]->addr_base;
+
+ if (end < entry)
+ {
+ warn (_("Corrupt %s section: address base of entry %u (%lx) is less than entry %u (%lx)\n"),
+ section->name,
+ i, debug_addr_info [i]->addr_base,
+ i + 1, debug_addr_info [i + 1]->addr_base);
+ return 0;
+ }
+ }
+
header = end;
idx = 0;
+
while ((size_t) (end - entry) >= address_size)
{
uint64_t base = byte_get (entry, address_size);
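Review bot: In the else branch, the new "if (end < entry)" test gives a lower bound only. Nothing visible in this hunk rejects an addr_base for entry i + 1 that places end beyond the end of the section, and the following loop, "while ((size_t) (end - entry) >= address_size)", reads with byte_get up to whatever end is. Unless addr_base is range checked where debug_addr_info is filled in, suggest also testing end against section->start + section->size here and warning in the same way. The %u and %lx conversions in the new warn call should likewise be checked against the declared types of i and addr_base, which are not shown in this hunk.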