* [binutils-gdb] Fix a potential illegal memory access when displaying corrupt DWARF information.
@ 2023-04-11 14:59 Nick Clifton
From: Nick Clifton @ 2023-04-11 14:59 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=688fe114cd80e410dbed08064eaaedf5584d31cf
commit 688fe114cd80e410dbed08064eaaedf5584d31cf
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Apr 11 15:59:07 2023 +0100
Fix a potential illegal memory access when displaying corrupt DWARF information.
PR 30312
* dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry.
Diff:
---
binutils/ChangeLog | 4 ++++
binutils/dwarf.c | 24 ++++++++++++++----------
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index f81f2308651..285b90c2a68 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,9 @@
2023-04-11 Nick Clifton <nickc@redhat.com>
+ PR 30312
+ * dwarf.c (prealloc_cu_tu_list): Always allocate at least one
+ entry.
+
PR 30311
* readelf.c (uncompress_section_contents): Check for a
suspiciously large uncompressed size.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index d08f01cab79..ab0a3caf632 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -10733,6 +10733,10 @@ display_gdb_index (struct dwarf_section *section,
static void
prealloc_cu_tu_list (unsigned int nshndx)
{
+ if (nshndx == 0)
+ /* Always allocate at least one entry for the end-marker. */
+ nshndx = 1;
+
if (shndx_pool == NULL)
{
shndx_pool_size = nshndx;
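Review bot: The guard added at the top of prealloc_cu_tu_list puts its comment between the `if` and the unbraced statement it controls, and nothing tells a reader why a zero count can reach this function. I would move the comment above the test and state the contract, e.g. `/* The count is derived from the section contents and may be zero; always reserve one entry for the end-marker.  */` followed by `if (nshndx == 0)` and `nshndx = 1;`. That the count comes from file data is inferred from the commit message, not from this hunk. The function body continues past the hunk, so the growth path and any upper bound on the count cannot be judged from here.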
@@ -10797,7 +10801,7 @@ get_DW_SECT_short_name (unsigned int dw_sect)
These sections are extensions for Fission.
See http://gcc.gnu.org/wiki/DebugFissionDWP. */
-static int
+static bool
process_cu_tu_index (struct dwarf_section *section, int do_display)
{
unsigned char *phdr = section->start;
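Review bot: The return type of process_cu_tu_index becomes `bool`, but the header comment visible above it still does not say what the result means, and `do_display` stays `int` although the later hunks only test it as a flag (`if (do_display)`, `if (!do_display)`). I would add a line to the comment such as `Returns true if the index was processed, false if the section is empty or malformed.`, which matches the `return false` after each `warn` and the final `return true` in the following hunks. Changing the parameter to `bool do_display` would make the signature consistent, provided the callers, which are not shown in this diff, pass only 0 or 1. The function body starts in this hunk and continues well beyond it.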
@@ -10818,14 +10822,14 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
if (phdr == NULL)
{
warn (_("Section %s is empty\n"), section->name);
- return 0;
+ return false;
}
/* PR 17512: file: 002-376-0.004. */
if (section->size < 24)
{
warn (_("Section %s is too small to contain a CU/TU header\n"),
section->name);
- return 0;
+ return false;
}
phash = phdr;
@@ -10857,7 +10861,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
"Section %s is too small for %u slots\n",
nslots),
section->name, nslots);
- return 0;
+ return false;
}
if (version == 1)
@@ -10887,7 +10891,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
if (shndx_list < ppool)
{
warn (_("Section index pool located before start of section\n"));
- return 0;
+ return false;
}
printf (_(" [%3d] Signature: %#" PRIx64 " Sections: "),
@@ -10898,7 +10902,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
{
warn (_("Section %s too small for shndx pool\n"),
section->name);
- return 0;
+ return false;
}
SAFE_BYTE_GET (shndx, shndx_list, 4, limit);
if (shndx == 0)
@@ -10941,7 +10945,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
{
warn (_("Section %s too small for offset and size tables\n"),
section->name);
- return 0;
+ return false;
}
if (do_display)
@@ -10989,7 +10993,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
{
warn (_("Row index (%u) is larger than number of used entries (%u)\n"),
row, nused);
- return 0;
+ return false;
}
if (!do_display)
@@ -11074,7 +11078,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
printf ("\n");
warn (_("Too many rows/columns in DWARF index section %s\n"),
section->name);
- return 0;
+ return false;
}
SAFE_BYTE_GET (val, p, 4, limit);
@@ -11106,7 +11110,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
if (do_display)
printf ("\n");
- return 1;
+ return true;
}
static int cu_tu_indexes_read = -1; /* Tri-state variable. */