Date: Tue, 01 Jan 2019 00:00:00 -0000
From: Tom de Vries
To: dwz@sourceware.org, jakub@redhat.com
Subject: [PATCH] Error out on invalid locexpr length
Message-ID: <20190307071254.GA20914@delia>

Hi,

When invoking dwz with a file containing an invalid locexpr length, we can run
into this assertion:
...
dwz: dwz.c:1722: read_loclist: Assertion `ptr + len <= endsec' failed.
Aborted (core dumped)
...

Change the assert into an error:
...
dwz: a.out: locexpr length 0x4ef exceeds .debug_loc section
...

OK for trunk?

Thanks,
- Tom

Error out on invalid locexpr length

2019-02-14  Tom de Vries

	PR dwz/24172
	* dwz.c (read_loclist): Change assert (ptr + len <= endsec) into an
	error.

--- dwz.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dwz.c b/dwz.c index 4ef8657..a876ab2 100644 --- a/dwz.c +++ b/dwz.c
@@ -1719,7 +1719,13 @@ read_loclist (DSO *dso, dw_die_ref die, GElf_Addr offset) continue; len = read_16 (ptr); - assert (ptr + len <= endsec); + if (!(ptr + len <= endsec)) + { + error (0, 0, + "%s: locexpr length 0x%Lx exceeds .debug_loc section", + dso->filename, (long long) len); + return 1; + } if (read_exprloc (dso, die, ptr, len, &need_adjust)) return 1;
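
Review bot: the new check `if (!(ptr + len <= endsec))` still forms `ptr + len` before comparing it, and `len` comes straight from `read_16 (ptr)` on the input file, so for an invalid length the pointer can lie well past the end of the section buffer. Computing a pointer more than one past the end of an object is undefined behaviour in C, so the comparison is not guaranteed to catch the case it is meant to reject. Comparing the length against the bytes that remain, for example `if (len > (size_t) (endsec - ptr))` (assuming `ptr <= endsec` holds here), avoids forming the out-of-range pointer and reads more directly than the negated `<=`. Separately, in the `error` call the format `0x%Lx` relies on glibc accepting `L` for integer conversions; `0x%llx` with an `(unsigned long long)` cast is the portable spelling for the `(long long) len` argument.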