public inbox for gdb-testers@sourceware.org help / color / mirror / Atom feed
From: gdb-buildbot@sergiodj.net To: gdb-testers@sourceware.org Subject: [binutils-gdb] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line Date: Tue, 15 Oct 2019 07:56:00 -0000 [thread overview] Message-ID: <336bfbeb1848f4b9558456fdcf283ee8a32d7fd1@gdb-build> (raw) *** TEST RESULTS FOR COMMIT 336bfbeb1848f4b9558456fdcf283ee8a32d7fd1 *** commit 336bfbeb1848f4b9558456fdcf283ee8a32d7fd1 Author: Alan Modra <amodra@gmail.com> AuthorDate: Wed Oct 9 10:47:13 2019 +1030 Commit: Alan Modra <amodra@gmail.com> CommitDate: Wed Oct 9 13:28:20 2019 +1030 PR25070, SEGV in function _bfd_dwarf2_find_nearest_line Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1 and ffffd5555453b140 result in a total size of 1. Reading the first section of course overflows the buffer and tramples on other memory. PR 25070 * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of total_size calculation. diff --git a/bfd/ChangeLog b/bfd/ChangeLog index cf5b372860..87a6244bca 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2019-10-09 Alan Modra <amodra@gmail.com> + + PR 25070 + * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of + total_size calculation. + 2019-10-08 Alan Modra <amodra@gmail.com> PR 25078 diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c index d39f4fdfe4..88aaa2d23c 100644 --- a/bfd/dwarf2.c +++ b/bfd/dwarf2.c @@ -4439,7 +4439,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd, for (total_size = 0; msec; msec = find_debug_info (debug_bfd, debug_sections, msec)) - total_size += msec->size; + { + /* Catch PR25070 testcase overflowing size calculation here. */ + if (total_size + msec->size < total_size + || total_size + msec->size < msec->size) + { + bfd_set_error (bfd_error_no_memory); + return FALSE; + } + total_size += msec->size; + } stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); if (stash->info_ptr_memory == NULL)
next reply other threads:[~2019-10-15 7:56 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-15 7:56 gdb-buildbot [this message] 2019-10-15 7:56 ` Failures on Ubuntu-Aarch64-m64, branch master gdb-buildbot 2019-10-15 9:32 ` Failures on Ubuntu-Aarch64-native-extended-gdbserver-m64, " gdb-buildbot 2019-10-15 10:21 ` Failures on Ubuntu-Aarch64-native-gdbserver-m64, " gdb-buildbot 2019-10-21 14:43 ` Failures on Fedora-x86_64-m32, " gdb-buildbot 2019-10-21 15:39 ` Failures on Fedora-x86_64-native-gdbserver-m32, " gdb-buildbot 2019-10-21 16:23 ` Failures on Fedora-x86_64-native-gdbserver-m64, " gdb-buildbot
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1@gdb-build \ --to=gdb-buildbot@sergiodj.net \ --cc=gdb-testers@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).