From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1062) id 1F1963858C2C; Wed, 15 Feb 2023 06:07:18 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1F1963858C2C Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Alan Modra To: bfd-cvs@sourceware.org Subject: [binutils-gdb] More ecoff sanity checks X-Act-Checkin: binutils-gdb X-Git-Author: Alan Modra X-Git-Refname: refs/heads/master X-Git-Oldrev: 72d225ef9cc7d475db188581da33b056df3191fd X-Git-Newrev: c91714309754e27f7f3a6ffc08ba61739c418532 Message-Id: <20230215060718.1F1963858C2C@sourceware.org> Date: Wed, 15 Feb 2023 06:07:18 +0000 (GMT) X-BeenThere: binutils-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2023 06:07:18 -0000 https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3Dc91714309754= e27f7f3a6ffc08ba61739c418532 commit c91714309754e27f7f3a6ffc08ba61739c418532 Author: Alan Modra Date: Wed Feb 15 16:28:07 2023 +1030 More ecoff sanity checks =20 Change FIX so that unused pointers that escape the UPDATE_RAW_END sanity checks won't result in overflows. Also sanity check the local sym fdr isymBase and csym values. =20 * ecoff.c (_bfd_ecoff_slurp_symbolic_info): Define FIX to set pointers into swapped internal data to NULL if count is zero. Sanity check local sym fdr_ptr->isymBase and fdr_ptr->csym. Diff: --- bfd/ecoff.c | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 7498766dd3f..1bea7005fee 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c 
@@ -579,25 +579,24 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, ecoff_data (abfd)->raw_syments =3D raw; =20 /* Get pointers for the numeric offsets in the HDRR structure. */ -#define FIX(off1, off2, type) \ - if (internal_symhdr->off1 =3D=3D 0) \ - debug->off2 =3D NULL; \ - else \ - debug->off2 =3D (type) ((char *) raw \ - + (internal_symhdr->off1 \ - - raw_base)) - - FIX (cbLineOffset, line, unsigned char *); - FIX (cbDnOffset, external_dnr, void *); - FIX (cbPdOffset, external_pdr, void *); - FIX (cbSymOffset, external_sym, void *); - FIX (cbOptOffset, external_opt, void *); - FIX (cbAuxOffset, external_aux, union aux_ext *); - FIX (cbSsOffset, ss, char *); - FIX (cbSsExtOffset, ssext, char *); - FIX (cbFdOffset, external_fdr, void *); - FIX (cbRfdOffset, external_rfd, void *); - FIX (cbExtOffset, external_ext, void *); +#define FIX(start, count, ptr, type) \ + if (internal_symhdr->start =3D=3D 0 || internal_symhdr->count =3D=3D 0) \ + debug->ptr =3D NULL; \ + else \ + debug->ptr =3D (type) ((char *) raw \ + + (internal_symhdr->start - raw_base)) + + FIX (cbLineOffset, cbLine, line, unsigned char *); + FIX (cbDnOffset, idnMax, external_dnr, void *); + FIX (cbPdOffset, ipdMax, external_pdr, void *); + FIX (cbSymOffset, isymMax, external_sym, void *); + FIX (cbOptOffset, ioptMax, external_opt, void *); + FIX (cbAuxOffset, iauxMax, external_aux, union aux_ext *); + FIX (cbSsOffset, issMax, ss, char *); + FIX (cbSsExtOffset, issExtMax, ssext, char *); + FIX (cbFdOffset, ifdMax, external_fdr, void *); + FIX (cbRfdOffset, crfd, external_rfd, void *); + FIX (cbExtOffset, iextMax, external_ext, void *); #undef FIX =20 /* I don't want to always swap all the data, because it will just 
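Review bot: The comment above `FIX` still only says it gets pointers for the HDRR offsets, but the new macro also yields NULL whenever the matching count field is zero, and every later user of `debug->line`, `debug->external_sym` and the other pointers now depends on that contract. I would extend the comment to something like `/* Get pointers for the numeric offsets in the HDRR structure. A table with a zero offset or a zero count gets a NULL pointer, so check the count before indexing. */`. The non-NULL branch still computes `internal_symhdr->start - raw_base` with no range test of its own. The commit message leaves that to the UPDATE_RAW_END checks, which are outside this hunk, so it is worth confirming they reject a start below `raw_base` as well as one past the end of the buffer. As a style point, the macro expands to a bare `if`/`else`, which is safe only while every use is a standalone statement; wrapping it in `do { ... } while (0)` removes that hazard. The enclosing function starts and ends outside the hunk.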
@@ -932,7 +931,13 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) { char *lraw_src; char *lraw_end; + HDRR *symhdr =3D &ecoff_data (abfd)->debug_info.symbolic_header; =20 + if (fdr_ptr->isymBase < 0 + || fdr_ptr->isymBase > symhdr->isymMax + || fdr_ptr->csym <=3D 0 + || fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase) + continue; lraw_src =3D ((char *) ecoff_data (abfd)->debug_info.external_sym + fdr_ptr->isymBase * external_sym_size); lraw_end =3D lraw_src + fdr_ptr->csym * external_sym_size; @@ -944,7 +949,6 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) =20 (*swap_sym_in) (abfd, (void *) lraw_src, &internal_sym); =20 - HDRR *symhdr =3D &ecoff_data (abfd)->debug_info.symbolic_header; if (internal_sym.iss >=3D symhdr->issMax || internal_sym.iss < 0) {
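Review bot: The new range test on `fdr_ptr->isymBase` and `fdr_ptr->csym` has no comment saying why it is written as `csym > symhdr->isymMax - fdr_ptr->isymBase` rather than as an addition, so a later cleanup could turn it back into an `isymBase + csym` comparison that overflows. I would add above the `if`: `/* Skip FDRs whose local symbols fall outside the symbol table. Compare by subtraction so that isymBase + csym cannot overflow. */`. The guard bounds the indices against `isymMax` only, so the following `fdr_ptr->isymBase * external_sym_size` stays inside the buffer only if `isymMax` itself was validated against the raw data size, and that code is not in this hunk. A rejected FDR is dropped silently by `continue`, so a malformed file produces a shorter symbol table with no indication of it. Whether a diagnostic belongs here depends on the rest of the loop, which starts and ends outside the hunk.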