public inbox for binutils-cvs@sourceware.org
* [binutils-gdb] Fix an illegal memory access triggered by parsing corrupt DWARF info.
@ 2023-03-30 10:05 Nick Clifton
From: Nick Clifton @ 2023-03-30 10:05 UTC
  To: bfd-cvs

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d17c53b8dfc23b456e30c8f21d46dbcd55324ae

commit 8d17c53b8dfc23b456e30c8f21d46dbcd55324ae
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Mar 30 11:04:53 2023 +0100

    Fix an illegal memory access triggered by parsing corrupt DWARF info.
    
      PR 30284
      * dwarf.c (read_and_display_attr_value): Detect and ignore negative base values.

Diff:
---
 binutils/ChangeLog |  6 ++++++
 binutils/dwarf.c   | 32 +++++++++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index a6932cba144..0794bed00d3 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2023-03-30  Nick Clifton  <nickc@redhat.com>
+
+	PR 30284
+	* dwarf.c (read_and_display_attr_value): Detect and ignore
+	negative base values.
+
 2023-03-23  Frederic Cambus  <fred@statdns.com>
 
 	* readelf.c (get_segment_type): Handle PT_OPENBSD_MUTABLE segment
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 89b0b80d949..d6fc9fe991c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2802,7 +2802,7 @@ read_and_display_attr_value (unsigned long attribute,
       break;
 
     default:
-      warn (_("Unrecognized form: %#lx\n"), form);
+      warn (_("Unrecognized form: %#lx"), form);
       /* What to do?  Consume a byte maybe?  */
       ++data;
       break;
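Review bot: Dropping the trailing "\n" from the "Unrecognized form" warning in the default: case is not covered by the ChangeLog entry, which mentions only the negative base values; either add it to the entry or split it into its own commit so the memory-access fix is easy to backport. The change itself matches the other warn calls visible in this patch, none of which end in a newline.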
@@ -2820,22 +2820,48 @@ read_and_display_attr_value (unsigned long attribute,
 		    "(%#" PRIx64 " and %#" PRIx64 ")"),
 		  debug_info_p->cu_offset,
 		  debug_info_p->loclists_base, uvalue);
+	  svalue = uvalue;
+	  if (svalue < 0)
+	    {
+	      warn (_("CU @ %#" PRIx64 " has has a negative loclists_base "
+		      "value of %#" PRIx64 " - treating as zero"),
+		    debug_info_p->cu_offset, svalue);
+	      uvalue = 0;
+	    }
 	  debug_info_p->loclists_base = uvalue;
 	  break;
+
 	case DW_AT_rnglists_base:
 	  if (debug_info_p->rnglists_base)
 	    warn (_("CU @ %#" PRIx64 " has multiple rnglists_base values "
 		    "(%#" PRIx64 " and %#" PRIx64 ")"),
 		  debug_info_p->cu_offset,
 		  debug_info_p->rnglists_base, uvalue);
+	  svalue = uvalue;
+	  if (svalue < 0)
+	    {
+	      warn (_("CU @ %#" PRIx64 " has has a negative rnglists_base "
+		      "value of %#" PRIx64 " - treating as zero"),
+		    debug_info_p->cu_offset, svalue);
+	      uvalue = 0;
+	    }
 	  debug_info_p->rnglists_base = uvalue;
 	  break;
+
 	case DW_AT_str_offsets_base:
 	  if (debug_info_p->str_offsets_base)
 	    warn (_("CU @ %#" PRIx64 " has multiple str_offsets_base values "
 		    "%#" PRIx64 " and %#" PRIx64 ")"),
 		  debug_info_p->cu_offset,
 		  debug_info_p->str_offsets_base, uvalue);
+	  svalue = uvalue;
+	  if (svalue < 0)
+	    {
+	      warn (_("CU @ %#" PRIx64 " has has a negative stroffsets_base "
+		      "value of %#" PRIx64 " - treating as zero"),
+		    debug_info_p->cu_offset, svalue);
+	      uvalue = 0;
+	    }
 	  debug_info_p->str_offsets_base = uvalue;
 	  break;
 
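Review bot: In all three cases the new negative check stores 0 unconditionally, even when the "multiple ..._base values" warning just above it has fired, so a corrupt second attribute replaces an earlier valid base with zero; consider leaving the existing value in place when the new one is rejected. The three new warning strings read "has has a negative" (duplicated word), and the third names "stroffsets_base" where the attribute and the message above it say str_offsets_base. svalue, which the < 0 test implies is signed, is passed to a PRIx64 conversion; pass uvalue or cast so the argument type matches the format. The three blocks are identical apart from the field name and would read better as one small helper.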
@@ -8245,7 +8271,7 @@ display_debug_ranges (struct dwarf_section *section,
     }
 
   introduce (section, false);
-
+  
   if (is_rnglists)
     return display_debug_rnglists (section);
 
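Review bot: The blank line after introduce (section, false); is replaced by a line containing only two spaces, which adds trailing whitespace and is unrelated to PR 30284; drop this hunk (git diff --check would flag it).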
@@ -8324,7 +8350,7 @@ display_debug_ranges (struct dwarf_section *section,
 	}
 
       next = section_begin + offset + debug_info_p->rnglists_base;
-
+      
       /* If multiple DWARF entities reference the same range then we will
 	 have multiple entries in the `range_entries' list for the same
 	 offset.  Thanks to the sort above these will all be consecutive in
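Review bot: The context line next = section_begin + offset + debug_info_p->rnglists_base shows the base being added straight to a section pointer, and the check added in read_and_display_attr_value only rejects values with the sign bit set, so a large positive base from a corrupt file still reaches this addition; unless next is validated against the section end further down (not visible in this hunk), compare the base against the section size rather than testing only its sign. The only change in this hunk replaces an empty line with one of six spaces; drop it.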
