public inbox for binutils-cvs@sourceware.org
* [binutils-gdb] Fix potential illegal memory accesses when parsing corrupt DWARF data.
@ 2022-12-19 11:14 Nick Clifton
  0 siblings, 0 replies; only message in thread
From: Nick Clifton @ 2022-12-19 11:14 UTC (permalink / raw)
  To: bfd-cvs

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=42f39fdedcf3321cab9964945d3f5bca58967b80

commit 42f39fdedcf3321cab9964945d3f5bca58967b80
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Dec 19 11:13:46 2022 +0000

    Fix potential illegal memory accesses when parsing corrupt DWARF data.
    
            PR 29914
            * dwarf.c (fetch_indexed_value): Fail if the section is not big
            enough to contain a header size field.
            (display_debug_addr): Fail if the computed address size is too big
            or too small.

Diff:
---
 binutils/ChangeLog |  8 ++++++++
 binutils/dwarf.c   | 14 ++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 16bddf73c07..6bd121e82ae 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,11 @@
+2022-12-19  Nick Clifton  <nickc@redhat.com>
+
+	PR 29914
+	* dwarf.c (fetch_indexed_value): Fail if the section is not big
+	enough to contain a header size field.
+	(display_debug_addr): Fail if the computed address size is too big
+	or too small.
+
 2022-12-16  Nick Clifton  <nickc@redhat.com>
 
 	PR 29908
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 03b36afcec0..b792902c496 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -739,6 +739,13 @@ fetch_indexed_value (uint64_t idx,
       return -1;
     }
 
+  if (section->size < 4)
+    {
+      warn (_("Section %s is too small to contain an value indexed from another section!\n"),
+	    section->name);
+      return -1;
+    }
+
   uint32_t pointer_size, bias;
 
   if (byte_get (section->start, 4) == 0xffffffff)
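Review bot: The new `section->size < 4` check in fetch_indexed_value only covers the 4-byte read at `byte_get (section->start, 4)` that immediately follows it. When that read returns 0xffffffff the code takes a different branch, and nothing in the lines shown establishes that the section is large enough for what that branch, or the later pointer_size/bias handling, goes on to read. Consider testing against the header length each case actually needs instead of a fixed 4, or confirm that the subsequent indexed access is bounded by section->size. Minor: the warning text says "an value"; it should be "a value".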
@@ -7770,6 +7777,13 @@ display_debug_addr (struct dwarf_section *section,
       header = end;
       idx = 0;
 
+      if (address_size < 1 || address_size > sizeof (uint64_t))
+	{
+	  warn (_("Corrupt %s section: address size (%x) is wrong"),
+		section->name, address_size);
+	  return 0;
+	}
+
       while ((size_t) (end - entry) >= address_size)
 	{
 	  uint64_t base = byte_get (entry, address_size);
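Review bot: The warning string added in display_debug_addr, "Corrupt %s section: address size (%x) is wrong", has no trailing "\n", unlike the warn () call added to fetch_indexed_value in this same patch; unless warn () appends a newline itself, the message will run into the next line of output, so add one. The `%x` conversion also prints the size without a `0x` prefix, which makes a value such as 10 ambiguous to read; `%#x` or `%u` would be clearer, and the conversion should match the declared type of address_size, which is not visible in this hunk. The bounds themselves (1 up to sizeof (uint64_t)) match the `byte_get (entry, address_size)` read into a uint64_t in the loop below.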
