Date: Mon, 6 Mar 2023 14:02:16 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: More _bfd_ecoff_locate_line sanity checks

	* ecofflink.c (mk_fdrtab): Discard fdr with negative cpd.
	(lookup_line): Sanity check fdr cbLineOffset and cbLine.
	Sanity check pdr cbLineOffset.

diff --git a/bfd/ecofflink.c b/bfd/ecofflink.c index 00f1e3da404..bba25929f2c 100644 --- a/bfd/ecofflink.c +++ b/bfd/ecofflink.c @@ -1742,6 +1742,7 @@ mk_fdrtab (bfd *abfd, /* Sanity check fdr procedure descriptor pointer. */ long ipdMax = debug_info->symbolic_header.ipdMax; if (fdr_ptr->ipdFirst >= ipdMax + || fdr_ptr->cpd < 0 || fdr_ptr->cpd > ipdMax - fdr_ptr->ipdFirst) fdr_ptr->cpd = 0; /* Skip FDRs that have no PDRs. */ 
@@ -2146,12 +2147,20 @@ lookup_line (bfd *abfd, are stored in a very funky format, which I won't try to describe. The search is bounded by the end of the FDRs line number entries. */ - line_end = debug_info->line + fdr_ptr->cbLineOffset + fdr_ptr->cbLine; + line_ptr = line_end = debug_info->line; + if (fdr_ptr->cbLineOffset < debug_info->symbolic_header.cbLine + && fdr_ptr->cbLine <= (debug_info->symbolic_header.cbLine + - fdr_ptr->cbLineOffset) + && pdr.cbLineOffset <= (debug_info->symbolic_header.cbLine + - fdr_ptr->cbLineOffset)) + { + line_end += fdr_ptr->cbLineOffset + fdr_ptr->cbLine; + line_ptr += fdr_ptr->cbLineOffset + pdr.cbLineOffset; + } /* Make offset relative to procedure entry. */ offset -= pdr.adr - 0x10 * pdr.prof; lineno = pdr.lnLow; - line_ptr = debug_info->line + fdr_ptr->cbLineOffset + pdr.cbLineOffset; while (line_ptr < line_end) { int delta; -- Alan Modra Australia Development Lab, IBM
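Review bot: In the mk_fdrtab hunk, the new `fdr_ptr->cpd < 0` test shows that cpd can be negative, but ipdFirst is still only bounded from above by `fdr_ptr->ipdFirst >= ipdMax`. If ipdFirst is also a signed field, a negative value passes that test and makes `ipdMax - fdr_ptr->ipdFirst` larger than ipdMax, so an oversized cpd would be accepted as well. Either add `fdr_ptr->ipdFirst < 0` to the condition or note in the comment that the field is unsigned. The comment above the check still says "procedure descriptor pointer" although the condition now validates the count too.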
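Review bot: In the lookup_line hunk, pdr.cbLineOffset is bounded by `debug_info->symbolic_header.cbLine - fdr_ptr->cbLineOffset`, that is, by the remainder of the whole line table rather than by this FDR's own fdr_ptr->cbLine. A procedure offset that lies past the FDR's line entries is therefore accepted and line_ptr starts beyond line_end. The `while (line_ptr < line_end)` condition keeps that from being dereferenced, but comparing against fdr_ptr->cbLine would state the intended invariant directly. Separately, when any of the three checks fails, line_ptr and line_end both stay at debug_info->line, the loop is skipped, and lineno is left at pdr.lnLow. A one-line comment on the if saying that this fallback is deliberate would help, since the existing comment above only describes the search bound.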