Date: Tue, 8 Feb 2022 21:43:50 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR28862, heap-buffer-overflow in parse_stab_string

I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.

	PR 28862
	* stabs.c (parse_stab_string): Don't overrun buffer when parsing
	'Y' stab.

diff --git a/binutils/stabs.c b/binutils/stabs.c index 1e78c0d1769..2b5241637c1 100644 --- a/binutils/stabs.c +++ b/binutils/stabs.c @@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype, case 'Y': /* SUNPro C++ Namespace =Yn0. */ /* Skip the namespace mapping, as it is not used now. */ - if (*(++p) == 'n' && *(++p) == '0') + if (*p++ != 0 && *p++ == 'n' && *p++ == '0') { /* =Yn0name; */ - while (*p != ';') + while (*p && *p != ';') ++p; - ++p; - return true; + if (*p) + return true; } /* TODO SUNPro C++ support: Support default arguments after F,P parameters

--
Alan Modra
Australia Development Lab, IBM
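Review bot: in the 'Y' case, the new `if (*p)` after the scan loop means a stab with no terminating ';' no longer returns true but falls out of the block into whatever follows the TODO comment, and that code is not shown in this hunk. The old code returned true unconditionally inside the block, so please add a short comment stating that the fall-through is the intended error path for an unterminated `=Yn0name`, or make the failure explicit at that point. A smaller point on the rewritten condition `*p++ != 0 && *p++ == 'n' && *p++ == '0'`: because of short-circuit evaluation, p is advanced by one, two or three characters depending on which test fails, and the dropped `++p;` means p now stops on the ';' rather than past it. If p is dead after this block that is harmless, but a comment saying so would save the next reader the check. A regression test covering a 'Y' stab that ends before the ';' would keep the overrun from coming back.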