From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 58494 invoked by alias); 30 May 2018 13:55:13 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 58460 invoked by uid 89); 30 May 2018 13:55:13 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy= X-Spam-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: gnu.wildebeest.org Received: from wildebeest.demon.nl (HELO gnu.wildebeest.org) (212.238.236.112) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 30 May 2018 13:55:06 +0000 Received: from tarox.wildebeest.org (tarox.wildebeest.org [172.31.17.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 43F7630007B4; Wed, 30 May 2018 15:55:04 +0200 (CEST) Received: by tarox.wildebeest.org (Postfix, from userid 1000) id 109064000836; Wed, 30 May 2018 15:55:04 +0200 (CEST) From: Mark Wielaard To: elfutils-devel@sourceware.org Cc: Mark Wielaard Subject: [PATCH] libdw: Fix overflow warning on 32bit systems with GCC8 in dwarf_getsrclines. Date: Wed, 30 May 2018 13:55:00 -0000 Message-Id: <1527688492-10324-1-git-send-email-mark@klomp.org> X-Mailer: git-send-email 1.8.3.1 X-Spam-Flag: NO X-IsSubscribed: yes X-SW-Source: 2018-q2/txt/msg00119.txt.bz2 ndirs is read from the debug data and should be size checked before use. https://sourceware.org/bugzilla/show_bug.cgi?id=23248 Signed-off-by: Mark Wielaard --- libdw/ChangeLog | 5 +++++ libdw/dwarf_getsrclines.c | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/libdw/ChangeLog b/libdw/ChangeLog index 5a33d9c..c304a3b 100644 --- a/libdw/ChangeLog +++ b/libdw/ChangeLog @@ -1,3 +1,8 @@ +2018-05-30 Mark Wielaard + + * libdw/dwarf_getsrclines.c (read_srclines): Change ndir and + ndirlist to size_t. Add check to see ndirlist doesn't overflow. + 2018-05-29 Mark Wielaard * dwarf_cuoffset.c (dwarf_cuoffset): Check die->cu is not NULL. diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c index 2bf3098..790d4e4 100644 --- a/libdw/dwarf_getsrclines.c +++ b/libdw/dwarf_getsrclines.c @@ -154,7 +154,7 @@ read_srclines (Dwarf *dbg, int res = -1; size_t nfilelist = 0; - unsigned int ndirlist = 0; + size_t ndirlist = 0; /* If there are a large number of lines, files or dirs don't blow up the stack. Stack allocate some entries, only dynamically malloc @@ -299,7 +299,7 @@ read_srclines (Dwarf *dbg, }; /* First count the entries. */ - unsigned int ndirs = 0; + size_t ndirs = 0; if (version < 5) { const unsigned char *dirp = linep; @@ -359,6 +359,8 @@ read_srclines (Dwarf *dbg, ndirlist = ndirs; if (ndirlist >= MAX_STACK_DIRS) { + if (ndirlist > SIZE_MAX / sizeof (*dirarray)) + goto no_mem; dirarray = (struct dirlist *) malloc (ndirlist * sizeof (*dirarray)); if (unlikely (dirarray == NULL)) { -- 1.8.3.1