Date: Tue, 2 Aug 2022 17:16:56 +0930
From: Alan Modra To: binutils@sourceware.org Subject: PE objdump -x Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-3026.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, UNWANTED_LANGUAGE_BODY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Aug 2022 07:47:03 -0000 objdump -x on PE executables produces lots of "xdata section corrupt" and "corrupt unwind data" warnings, and refuses to dump that info. It turns out that the sanity checks were bad, not the data. Fix them. * pei-x86_64.c (pex64_get_unwind_info): Correct buffer overrun sanity checks. (pex64_xdata_print_uwd_codes): Similarly. diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c index 7d8fc8f0721..795bf66f8b4 100644 --- a/bfd/pei-x86_64.c +++ b/bfd/pei-x86_64.c @@ -109,7 +109,7 @@ pex64_get_unwind_info (bfd *abfd, struct pex64_unwind_info *ui, memset (ui, 0, sizeof (struct pex64_unwind_info)); - if (ex_dta >= ex_dta_end || ex_dta + 4 >= ex_dta_end) + if (ex_dta >= ex_dta_end || ex_dta + 4 > ex_dta_end) return false; ui->Version = PEX64_UWI_VERSION (ex_ui->Version_Flags); @@ -124,13 +124,13 @@ pex64_get_unwind_info (bfd *abfd, struct pex64_unwind_info *ui, ui->rawUnwindCodesEnd = ex_dta_end; ex_dta += ui->SizeOfBlock; - if (ex_dta >= ex_dta_end) + if (ex_dta > ex_dta_end) return false; switch (ui->Flags) { case UNW_FLAG_CHAININFO: - if (ex_dta + 12 >= ex_dta_end) + if (ex_dta + 12 > ex_dta_end) return false; ui->rva_BeginAddress = bfd_get_32 (abfd, ex_dta + 0); ui->rva_EndAddress = bfd_get_32 (abfd, ex_dta + 4); 
@@ -140,7 +140,7 @@ pex64_get_unwind_info (bfd *abfd, struct pex64_unwind_info *ui, case UNW_FLAG_EHANDLER: case UNW_FLAG_UHANDLER: case UNW_FLAG_FHANDLER: - if (ex_dta + 4 >= ex_dta_end) + if (ex_dta + 4 > ex_dta_end) return false; ui->rva_ExceptionHandler = bfd_get_32 (abfd, ex_dta); ui->SizeOfBlock += 4; @@ -172,7 +172,7 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd, i = 0; - if (ui->rawUnwindCodes + 1 >= ui->rawUnwindCodesEnd) + if (ui->rawUnwindCodes + ui->CountOfCodes * 2 > ui->rawUnwindCodesEnd) { fprintf (file, _("warning: corrupt unwind data\n")); return; @@ -186,12 +186,6 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd, to decode instruction flow if outside an epilog. */ unsigned int func_size = rf->rva_EndAddress - rf->rva_BeginAddress; - if (ui->rawUnwindCodes + 1 + (ui->CountOfCodes * 2) >= ui->rawUnwindCodesEnd) - { - fprintf (file, _("warning: corrupt unwind data\n")); - return; - } - fprintf (file, "\tv2 epilog (length: %02x) at pc+:", ui->rawUnwindCodes[0]); @@ -215,12 +209,6 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd, fputc ('\n', file); } - if (ui->rawUnwindCodes + 2 + (ui->CountOfCodes * 2) >= ui->rawUnwindCodesEnd) - { - fprintf (file, _("warning: corrupt unwind data\n")); - return; - } - for (; i < ui->CountOfCodes; i++) { const bfd_byte *dta = ui->rawUnwindCodes + 2 * i; -- Alan Modra Australia Development Lab, IBM
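Review bot: in the first hunk (pex64_get_unwind_info, line 109) the leading `ex_dta >= ex_dta_end` clause is now redundant: once the bound is `ex_dta + 4 > ex_dta_end`, any `ex_dta` at or beyond the end already fails the second test, and four bytes is exactly what the header read that follows (`ex_ui->Version_Flags` and the rest of the 4-byte unwind-info header) needs. Consider expressing it as a length check, `(size_t) (ex_dta_end - ex_dta) < 4`, which avoids forming a pointer past the buffer end on truncated input, and drop the first clause.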
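Review bot: `ex_dta > ex_dta_end` after `ex_dta += ui->SizeOfBlock` is the right bound, since nothing is dereferenced at that point and each case below re-checks for the bytes it actually reads (`+ 12` for the three RVAs of `UNW_FLAG_CHAININFO`, `+ 4` for the handler RVA). Because `ui->rawUnwindCodesEnd` is set to `ex_dta_end` rather than to the end of this block, the later `CountOfCodes * 2` test in the printer is what bounds the codes array; a one-line comment here saying the codes are validated in `pex64_xdata_print_uwd_codes` would spare the next reader the search.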
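Review bot: the new `ui->rawUnwindCodes + ui->CountOfCodes * 2 > ui->rawUnwindCodesEnd` test (hunk at line 172) exactly bounds the `2 * i` slots that the `for (; i < ui->CountOfCodes; i++)` loop indexes, but it guarantees nothing when `CountOfCodes` is 0, whereas the old `rawUnwindCodes + 1 >= end` test always left two readable bytes. The v2 epilog path in the following hunk reads `ui->rawUnwindCodes[0]`, and the condition that selects that path is outside the diff; please confirm it requires `ui->CountOfCodes >= 1` before that read, or fold that requirement into this check. Likewise, opcodes that consume extra slots must keep `i` within `CountOfCodes`, since this check covers only the declared count.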
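Review bot: deleting the two later checks (hunks at lines 186 and 209) is correct given the earlier bound, and the removed lines show why well-formed xdata was rejected: `rawUnwindCodes + 1 + CountOfCodes * 2 >= end` and `rawUnwindCodes + 2 + CountOfCodes * 2 >= end` demanded two and three spare bytes beyond the codes array, so a block whose codes end exactly at the buffer end (no trailing padding or handler data) was reported as corrupt. A sentence to that effect in the commit message, and ideally a testsuite input whose last unwind record ends at the section end, would keep the off-by-one from creeping back.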