* [binutils-gdb] Fix potential illegal memory accesses when parsing corrupt DWARF data.
@ 2022-12-19 11:14 Nick Clifton
0 siblings, 0 replies; only message in thread
From: Nick Clifton @ 2022-12-19 11:14 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=42f39fdedcf3321cab9964945d3f5bca58967b80
commit 42f39fdedcf3321cab9964945d3f5bca58967b80
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Dec 19 11:13:46 2022 +0000
Fix potential illegal memory accesses when parsing corrupt DWARF data.
PR 29914
* dwarf.c (fetch_indexed_value): Fail if the section is not big
enough to contain a header size field.
(display_debug_addr): Fail if the computed address size is too big
or too small.
Diff:
---
binutils/ChangeLog | 8 ++++++++
binutils/dwarf.c | 14 ++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 16bddf73c07..6bd121e82ae 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,11 @@
+2022-12-19 Nick Clifton <nickc@redhat.com>
+
+ PR 29914
+ * dwarf.c (fetch_indexed_value): Fail if the section is not big
+ enough to contain a header size field.
+ (display_debug_addr): Fail if the computed address size is too big
+ or too small.
+
2022-12-16 Nick Clifton <nickc@redhat.com>
PR 29908
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 03b36afcec0..b792902c496 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -739,6 +739,13 @@ fetch_indexed_value (uint64_t idx,
return -1;
}
+ if (section->size < 4)
+ {
+ warn (_("Section %s is too small to contain an value indexed from another section!\n"),
+ section->name);
+ return -1;
+ }
+
uint32_t pointer_size, bias;
if (byte_get (section->start, 4) == 0xffffffff)
@@ -7770,6 +7777,13 @@ display_debug_addr (struct dwarf_section *section,
header = end;
idx = 0;
+ if (address_size < 1 || address_size > sizeof (uint64_t))
+ {
+ warn (_("Corrupt %s section: address size (%x) is wrong"),
+ section->name, address_size);
+ return 0;
+ }
+
while ((size_t) (end - entry) >= address_size)
{
uint64_t base = byte_get (entry, address_size);
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-12-19 11:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-19 11:14 [binutils-gdb] Fix potential illegal memory accesses when parsing corrupt DWARF data Nick Clifton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).