public inbox for gdb-testers@sourceware.org
From: gdb-buildbot@sergiodj.net
To: gdb-testers@sourceware.org
Subject: [binutils-gdb] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
Date: Tue, 15 Oct 2019 07:56:00 -0000
Message-ID: <336bfbeb1848f4b9558456fdcf283ee8a32d7fd1@gdb-build>

*** TEST RESULTS FOR COMMIT 336bfbeb1848f4b9558456fdcf283ee8a32d7fd1 ***

commit 336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
Author:     Alan Modra <amodra@gmail.com>
AuthorDate: Wed Oct 9 10:47:13 2019 +1030
Commit:     Alan Modra <amodra@gmail.com>
CommitDate: Wed Oct 9 13:28:20 2019 +1030

    PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
    
    Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
    and ffffd5555453b140, results in a total size of 1.  Reading the first
    section of course overflows the buffer and tramples on other memory.
    
            PR 25070
            * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
            total_size calculation.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index cf5b372860..87a6244bca 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-10-09  Alan Modra  <amodra@gmail.com>
+
+	PR 25070
+	* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+	total_size calculation.
+
 2019-10-08  Alan Modra  <amodra@gmail.com>
 
 	PR 25078
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index d39f4fdfe4..88aaa2d23c 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -4439,7 +4439,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
       for (total_size = 0;
 	   msec;
 	   msec = find_debug_info (debug_bfd, debug_sections, msec))
-	total_size += msec->size;
+	{
+	  /* Catch PR25070 testcase overflowing size calculation here.  */
+	  if (total_size + msec->size < total_size
+	      || total_size + msec->size < msec->size)
+	    {
+	      bfd_set_error (bfd_error_no_memory);
+	      return FALSE;
+	    }
+	  total_size += msec->size;
+	}
 
       stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
       if (stash->info_ptr_memory == NULL)
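Review bot: the second disjunct `|| total_size + msec->size < msec->size` is redundant, assuming `total_size` and `msec->size` are unsigned (bfd_size_type): for unsigned operands, wrap-around in `total_size + msec->size` is detected exactly by `total_size + msec->size < total_size`, so the extra comparison adds nothing, and the sum is evaluated three times in the loop body. Computing it once into a local, testing that against `total_size`, and assigning the local reads more clearly. Reporting the wrap as bfd_error_no_memory is consistent with what the bfd_malloc call below would report, but the comment should say so, since a reader may otherwise expect a malformed-input error. Note also that this only rejects sums that wrap; a total that stays below the wrap point but is still absurdly large passes straight through to bfd_malloc, which is then the only guard.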


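The wrap-around described in the commit message, shown as an added example (this is not bfd code and not part of the original message): the pre-fix summation beside the post-fix overflow check, run over the two section sizes quoted above. The `debug_section` struct, the `total_size_*` and `first_read_fits` helpers, and a 64-bit `bfd_size_type` are assumptions made for the illustration; the sizes are constructed from the commit message.

```c
/* Added example, not bfd code.  Demonstrates the PR25070 size wrap-around
   and the overflow check that fixes it.  */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 64-bit, as in a 64-bit BFD build.  */
typedef uint64_t bfd_size_type;

/* Hypothetical stand-in for the fields of asection used here.  */
struct debug_section {
  const char *name;
  bfd_size_type size;
};

/* Constructed from the two sizes quoted in the commit message.  */
static const struct debug_section evil_sections[] = {
  { ".debug_info", 0x2aaaabac4ec1ULL },
  { ".debug_info", 0xffffd5555453b140ULL },
};
#define EVIL_COUNT (sizeof evil_sections / sizeof evil_sections[0])

/* Pre-fix logic: plain unsigned accumulation.  Wrap-around silently yields
   a tiny total, which is what later overflows the buffer.  */
static bfd_size_type
total_size_unchecked (const struct debug_section *secs, size_t n)
{
  bfd_size_type total = 0;
  for (size_t i = 0; i < n; i++)
    total += secs[i].size;
  return total;
}

/* Post-fix logic: detect unsigned wrap-around before accumulating.  For
   unsigned operands, (a + b) < a holds exactly when a + b wrapped, so one
   comparison is sufficient.  Returns false on overflow.  */
static bool
total_size_checked (const struct debug_section *secs, size_t n,
                    bfd_size_type *total_out)
{
  bfd_size_type total = 0;
  for (size_t i = 0; i < n; i++)
    {
      bfd_size_type sum = total + secs[i].size;
      if (sum < total)
        return false;           /* caller reports an error instead of allocating */
      total = sum;
    }
  *total_out = total;
  return true;
}

/* Would a buffer sized by the unchecked total hold the first section's
   contents?  This is the read the commit message says tramples memory.  */
static bool
first_read_fits (const struct debug_section *secs, size_t n)
{
  return n == 0 || secs[0].size <= total_size_unchecked (secs, n);
}

int
main (void)
{
  bfd_size_type total;

  printf ("unchecked total: %llu\n",
          (unsigned long long) total_size_unchecked (evil_sections, EVIL_COUNT));
  printf ("first section fits in that buffer: %s\n",
          first_read_fits (evil_sections, EVIL_COUNT) ? "yes" : "no");
  printf ("checked total: %s\n",
          total_size_checked (evil_sections, EVIL_COUNT, &total)
          ? "ok" : "overflow detected");
  return 0;
}
```

With the two sizes from the report, the unchecked sum wraps to 1, so the allocation is one byte and the first section read of 0x2aaaabac4ec1 bytes cannot fit; the checked version refuses before anything is allocated.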
Thread overview: 7+ messages
2019-10-15  7:56 gdb-buildbot [this message]
2019-10-15  7:56 ` Failures on Ubuntu-Aarch64-m64, branch master gdb-buildbot
2019-10-15  9:32 ` Failures on Ubuntu-Aarch64-native-extended-gdbserver-m64, " gdb-buildbot
2019-10-15 10:21 ` Failures on Ubuntu-Aarch64-native-gdbserver-m64, " gdb-buildbot
2019-10-21 14:43 ` Failures on Fedora-x86_64-m32, " gdb-buildbot
2019-10-21 15:39 ` Failures on Fedora-x86_64-native-gdbserver-m32, " gdb-buildbot
2019-10-21 16:23 ` Failures on Fedora-x86_64-native-gdbserver-m64, " gdb-buildbot
