From babfff7baedefd5830340e2ad583b7732a895c49 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Wed, 14 Oct 2020 12:30:27 +0200
Subject: [PATCH] Fix buffer overflow in write_multifile_line.

When writing out a "header only" .debug_line we use a small static
buffer on the stack. Make sure this buffer is large enough to contain
a DWARF5 empty line table header.

ChangeLog:

	* dwz.c (write_multi_line): Extend buf to 45 chars. Add assert
	to check buf is large enough.
---
 dwz.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/dwz.c b/dwz.c
index 1e6ec26..f8f2910 100644
--- a/dwz.c
+++ b/dwz.c
@@ -14304,7 +14304,7 @@ write_multifile_line (void)
   struct line_entry **filearr = NULL;
   struct line_stats line_stats;
   unsigned int *diridx = NULL, *dirarr = NULL;
-  unsigned char buf[17];
+  unsigned char buf[45]; /* Max header_len, see below.  */
   int ret = 0;
 
   line_stats.has_time = line_stats.has_size = false;
@@ -14430,7 +14430,10 @@ write_multifile_line (void)
 	}
 
       if (len == header_len)
-	line = buf;
+	{
+	  line = buf;
+	  assert (sizeof (buf) >= header_len);
+	}
       else
 	line = (unsigned char *) obstack_alloc (&ob, len);
     }
-- 
2.20.1