From: Nick Clifton
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] Fix an attempt to allocate an excessive amount of memory when parsing a corrupt DWARF file.
Date: Tue, 11 Apr 2023 15:15:08 +0000 (GMT)
Message-Id: <20230411151508.AED8C385840F@sourceware.org>
List-Id: Binutils-cvs mailing list
X-Act-Checkin: binutils-gdb
X-Git-Author: Nick Clifton
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 688fe114cd80e410dbed08064eaaedf5584d31cf
X-Git-Newrev: 9f1c612b7c1bb2d3035ca9416e5f09d844620e89

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9f1c612b7c1bb2d3035ca9416e5f09d844620e89

commit 9f1c612b7c1bb2d3035ca9416e5f09d844620e89
Author: Nick Clifton
Date:   Tue Apr 11 16:14:23 2023 +0100

    Fix an attempt to allocate an excessive amount of memory when parsing a corrupt DWARF file.

      PR 30313
      * dwarf.c (display_debug_lines_decoded): Check for an overlarge number of files or directories.

Diff: --- binutils/ChangeLog | 4 ++++ binutils/dwarf.c | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 285b90c2a68..59ab08a26e6 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,5 +1,9 @@ 2023-04-11 Nick Clifton =20 + PR 30313 + * dwarf.c (display_debug_lines_decoded): Check for an overlarge + number of files or directories. + PR 30312 * dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry. 
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index ab0a3caf632..f6ff238d3cb 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -4997,6 +4997,12 @@ display_debug_lines_decoded (struct dwarf_section * = section, =20 if (n_directories =3D=3D 0) directory_table =3D NULL; + else if (n_directories > section->size) + { + warn (_("number of directories (0x%x) exceeds size of section %s\n"), + n_directories, section->name); + return 0; + } else directory_table =3D (char **) xcalloc (n_directories, sizeof (unsigned char *)); @@ -5055,6 +5061,7 @@ display_debug_lines_decoded (struct dwarf_section * = section, if (do_checks && format_count > 5) warn (_("Unexpectedly large number of columns in the file name table (%u= )\n"), format_count); + format_start =3D data; for (formati =3D 0; formati < format_count; formati++) { @@ -5071,6 +5078,12 @@ display_debug_lines_decoded (struct dwarf_section * = section, =20 if (n_files =3D=3D 0) file_table =3D NULL; + else if (n_files > section->size) + { + warn (_("number of files (0x%x) exceeds size of section %s\n"), + n_files, section->name); + return 0; + } else file_table =3D (File_Entry *) xcalloc (n_files, sizeof (File_Entry));
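Review bot: In the n_directories hunk (@@ -4997) the new bound `n_directories > section->size` compares the count against the size of the whole section rather than the bytes still unparsed at this point, so a corrupt count just below section->size passes and xcalloc is still asked for that count multiplied by the pointer size. If the intent is that the directory entries must fit in the section data, comparing against the remaining byte count is the tighter limit for the same cost. It is also worth confirming that the `0x%x` conversion matches the declared type of n_directories, and printing section->size in the warning so the message shows both sides of the comparison.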
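Review bot: In the n_files hunk (@@ -5071) the new `return 0` is reached after directory_table may already have been allocated by the xcalloc shown in the @@ -4997 hunk, and nothing on this error path frees it. Free directory_table before returning, or send the error through a shared cleanup exit, so that the corrupt-input path does not leak. As with the directory check, `n_files > section->size` bounds the count by the whole section while the allocation is n_files times sizeof (File_Entry), so a limit based on the bytes remaining in the section would keep the worst-case allocation smaller.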