From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2124) id C37D6385840F; Tue, 11 Apr 2023 14:59:40 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C37D6385840F Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Nick Clifton To: bfd-cvs@sourceware.org Subject: [binutils-gdb] Fix a potential illegal memory access when displaying corrupt DWARF information. X-Act-Checkin: binutils-gdb X-Git-Author: Nick Clifton X-Git-Refname: refs/heads/master X-Git-Oldrev: 45f5fe468b23c92b571756ec72b6a9c7be034074 X-Git-Newrev: 688fe114cd80e410dbed08064eaaedf5584d31cf Message-Id: <20230411145940.C37D6385840F@sourceware.org> Date: Tue, 11 Apr 2023 14:59:40 +0000 (GMT) X-BeenThere: binutils-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Apr 2023 14:59:40 -0000 https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D688fe114cd80= e410dbed08064eaaedf5584d31cf commit 688fe114cd80e410dbed08064eaaedf5584d31cf Author: Nick Clifton Date: Tue Apr 11 15:59:07 2023 +0100 Fix a potential illegal memory access when displaying corrupt DWARF inf= ormation. =20 PR 30312 * dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry. Diff: --- binutils/ChangeLog | 4 ++++ binutils/dwarf.c | 24 ++++++++++++++---------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index f81f2308651..285b90c2a68 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,9 @@ 2023-04-11 Nick Clifton =20 + PR 30312 + * dwarf.c (prealloc_cu_tu_list): Always allocate at least one + entry. + PR 30311 * readelf.c (uncompress_section_contents): Check for a suspiciously large uncompressed size. diff --git a/binutils/dwarf.c b/binutils/dwarf.c index d08f01cab79..ab0a3caf632 100644 
--- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -10733,6 +10733,10 @@ display_gdb_index (struct dwarf_section *section, static void prealloc_cu_tu_list (unsigned int nshndx) { + if (nshndx =3D=3D 0) + /* Always allocate at least one entry for the end-marker. */ + nshndx =3D 1; + if (shndx_pool =3D=3D NULL) { shndx_pool_size =3D nshndx; @@ -10797,7 +10801,7 @@ get_DW_SECT_short_name (unsigned int dw_sect) These sections are extensions for Fission. See http://gcc.gnu.org/wiki/DebugFissionDWP. */ =20 -static int +static bool process_cu_tu_index (struct dwarf_section *section, int do_display) { unsigned char *phdr =3D section->start; @@ -10818,14 +10822,14 @@ process_cu_tu_index (struct dwarf_section *sectio= n, int do_display) if (phdr =3D=3D NULL) { warn (_("Section %s is empty\n"), section->name); - return 0; + return false; } /* PR 17512: file: 002-376-0.004. */ if (section->size < 24) { warn (_("Section %s is too small to contain a CU/TU header\n"), section->name); - return 0; + return false; } =20 phash =3D phdr; @@ -10857,7 +10861,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) "Section %s is too small for %u slots\n", nslots), section->name, nslots); - return 0; + return false; } =20 if (version =3D=3D 1) @@ -10887,7 +10891,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) if (shndx_list < ppool) { warn (_("Section index pool located before start of section\n")); - return 0; + return false; } =20 printf (_(" [%3d] Signature: %#" PRIx64 " Sections: "), @@ -10898,7 +10902,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) { warn (_("Section %s too small for shndx pool\n"), section->name); - return 0; + return false; } SAFE_BYTE_GET (shndx, shndx_list, 4, limit); if (shndx =3D=3D 0) 
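Review bot: The clamp added at the top of `prealloc_cu_tu_list` guarantees room for the end-marker only when the caller passes zero; nothing in this hunk ties later stores into `shndx_pool` to `shndx_pool_size`. The code that writes entries and the end-marker is outside the hunk, so this is inferred, but if those stores only advance a used counter, a corrupt index that produces more entries than `nshndx` predicted could still write past the allocation. I would enforce the bound where the write happens, for example `if (shndx_pool_used >= shndx_pool_size) { warn (_("Section index pool is full\n")); return; }`, assuming the used counter is `shndx_pool_used`, which is not shown here. The body of `prealloc_cu_tu_list` continues beyond the hunk, so the reallocation path could not be checked for the same issue.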
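Review bot: The comment above `process_cu_tu_index` does not say what the return value means, and the switch from `int` to `bool` is a good moment to record it. I would append a sentence to that comment such as `Returns true if the index section was parsed, false if it is empty, truncated or otherwise corrupt.`, which matches the warn-and-return paths visible in these hunks. The callers are outside the patch, so it is worth confirming that none compares the result against a literal 0 or 1; the tri-state `cu_tu_indexes_read` shown at the end of the patch stays `int`. The function body spans several hunks and is only partly visible here.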
@@ -10941,7 +10945,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) { warn (_("Section %s too small for offset and size tables\n"), section->name); - return 0; + return false; } =20 if (do_display) @@ -10989,7 +10993,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) { warn (_("Row index (%u) is larger than number of used entries (%u)\n"), row, nused); - return 0; + return false; } =20 if (!do_display) @@ -11074,7 +11078,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) printf ("\n"); warn (_("Too many rows/columns in DWARF index section %s\n"), section->name); - return 0; + return false; } =20 SAFE_BYTE_GET (val, p, 4, limit); @@ -11106,7 +11110,7 @@ process_cu_tu_index (struct dwarf_section *section,= int do_display) if (do_display) printf ("\n"); =20 - return 1; + return true; } =20 static int cu_tu_indexes_read =3D -1; /* Tri-state variable. */