FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ubsan: shift exponent 70 is too large

Browse source 
* unwind-ia64.c (unw_decode_uleb128): Prevent overlarge shifts.
	Detect shift overflows and check that terminating byte is found.
	Print an error on a bad uleb128.
This commit is contained in:
Alan Modra 2020-03-16 08:54:16 +10:30
parent 7bac4137d7
commit 60e63c3e97
2 changed files with 23 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
binutils/ChangeLog
View file

@ -1,3 +1,9 @@
2020-03-16 Alan Modra <amodra@gmail.com>
* unwind-ia64.c (unw_decode_uleb128): Prevent overlarge shifts.
Detect shift overflows and check that terminating byte is found.
Print an error on a bad uleb128.
2020-03-14 Alan Modra <amodra@gmail.com> 2020-03-14 Alan Modra <amodra@gmail.com>
* readelf.c (process_file): Clean ba_cache. * readelf.c (process_file): Clean ba_cache.

21
binutils/unwind-ia64.c
View file

@ -544,21 +544,34 @@ static unw_word
unw_decode_uleb128 (const unsigned char **dpp, const unsigned char * end) unw_decode_uleb128 (const unsigned char **dpp, const unsigned char * end)
{ {
unsigned shift = 0; unsigned shift = 0;
int status = 1;
unw_word byte, result = 0; unw_word byte, result = 0;
const unsigned char *bp = *dpp; const unsigned char *bp = *dpp;
while (bp < end) while (bp < end)
{ {
byte = *bp++; byte = *bp++;
result |= (byte & 0x7f) << shift; if (shift < sizeof (result) * 8)
{
result |= (byte & 0x7f) << shift;
if ((result >> shift) != (byte & 0x7f))
/* Overflow. */
status |= 2;
shift += 7;
}
else if ((byte & 0x7f) != 0)
status |= 2;
if ((byte & 0x80) == 0) if ((byte & 0x80) == 0)
break; {
status &= ~1;
shift += 7; break;
}
} }
*dpp = bp; *dpp = bp;
if (status != 0)
printf (_("Bad uleb128\n"));
return result; return result;
} }