* Tidy commit 49910fd88dcd
@ 2021-07-10 4:06 Alan Modra
0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2021-07-10 4:06 UTC (permalink / raw)
To: binutils
Pointer range checking is UB if the values compared are outside the
underlying array elements (plus one). This one is easy to fix, so
let's compare offset against size instead. Also, I suspect the change
to read_address was accidental since it wasn't mentioned in the
ChangeLog.
* dwarf2.c (read_address): Remove accidental commit.
(read_ranges): Compare offset rather than pointers.
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 1247f952def..04f56a7b187 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -909,8 +909,7 @@ read_address (struct comp_unit *unit, bfd_byte **ptr, bfd_byte *buf_end)
if (bfd_get_flavour (unit->abfd) == bfd_target_elf_flavour)
signed_vma = get_elf_backend_data (unit->abfd)->sign_extend_vma;
- if (unit->addr_size > (size_t) (buf_end - buf)
- || (buf > buf_end))
+ if (unit->addr_size > (size_t) (buf_end - buf))
{
*ptr = buf_end;
return 0;
@@ -3094,12 +3093,10 @@ read_ranges (struct comp_unit *unit, struct arange *arange,
return false;
}
- ranges_ptr = unit->file->dwarf_ranges_buffer + offset;
- if (ranges_ptr < unit->file->dwarf_ranges_buffer)
+ if (offset > unit->file->dwarf_ranges_size)
return false;
+ ranges_ptr = unit->file->dwarf_ranges_buffer + offset;
ranges_end = unit->file->dwarf_ranges_buffer + unit->file->dwarf_ranges_size;
- if (ranges_ptr >= ranges_end)
- return false;
for (;;)
{
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-07-10 4:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-10 4:06 Tidy commit 49910fd88dcd Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).