* PR28862, heap-buffer-overflow in parse_stab_string
@ 2022-02-08 11:13 Alan Modra
0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2022-02-08 11:13 UTC (permalink / raw)
To: binutils
I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.
PR 28862
* stabs.c (parse_stab_string): Don't overrun buffer when parsing
'Y' stab.
diff --git a/binutils/stabs.c b/binutils/stabs.c
index 1e78c0d1769..2b5241637c1 100644
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
case 'Y':
/* SUNPro C++ Namespace =Yn0. */
/* Skip the namespace mapping, as it is not used now. */
- if (*(++p) == 'n' && *(++p) == '0')
+ if (*p++ != 0 && *p++ == 'n' && *p++ == '0')
{
/* =Yn0name; */
- while (*p != ';')
+ while (*p && *p != ';')
++p;
- ++p;
- return true;
+ if (*p)
+ return true;
}
/* TODO SUNPro C++ support:
Support default arguments after F,P parameters
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-02-08 11:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-08 11:13 PR28862, heap-buffer-overflow in parse_stab_string Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).