FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

display_gdb_index

Browse source 
* dwarf.c (display_gdb_index): Avoid pointer UB and overflow in
	length calculations.
This commit is contained in:
Alan Modra 2021-05-15 15:37:07 +09:30
parent d7870f6304
commit bb19bf1269
2 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

5
binutils/ChangeLog
View file

@ -1,3 +1,8 @@
2021-05-15 Alan Modra <amodra@gmail.com>
* dwarf.c (display_gdb_index): Avoid pointer UB and overflow in
length calculations.
2021-05-15 Alan Modra <amodra@gmail.com> 2021-05-15 Alan Modra <amodra@gmail.com>
* dwarf.c (display_debug_names): Complain when header length is * dwarf.c (display_debug_names): Complain when header length is

18
binutils/dwarf.c
View file

@ -10105,7 +10105,7 @@ display_gdb_index (struct dwarf_section *section,
symbol_table = start + symbol_table_offset; symbol_table = start + symbol_table_offset;
constant_pool = start + constant_pool_offset; constant_pool = start + constant_pool_offset;
if (address_table + address_table_size > section->start + section->size) if (address_table_offset + address_table_size > section->size)
{ {
warn (_("Address table extends beyond end of section.\n")); warn (_("Address table extends beyond end of section.\n"));
return 0; return 0;
@ -10160,11 +10160,9 @@ display_gdb_index (struct dwarf_section *section,
|| cu_vector_offset != 0) || cu_vector_offset != 0)
{ {
unsigned int j; unsigned int j;
unsigned char * adr;
adr = constant_pool + name_offset;
/* PR 17531: file: 5b7b07ad. */ /* PR 17531: file: 5b7b07ad. */
if (adr < constant_pool || adr >= section->start + section->size) if (name_offset >= section->size - constant_pool_offset)
{ {
printf (_("[%3u] <corrupt offset: %x>"), i, name_offset); printf (_("[%3u] <corrupt offset: %x>"), i, name_offset);
warn (_("Corrupt name offset of 0x%x found for symbol table slot %d\n"), warn (_("Corrupt name offset of 0x%x found for symbol table slot %d\n"),
@ -10175,8 +10173,8 @@ display_gdb_index (struct dwarf_section *section,
(int) (section->size - (constant_pool_offset + name_offset)), (int) (section->size - (constant_pool_offset + name_offset)),
constant_pool + name_offset); constant_pool + name_offset);
adr = constant_pool + cu_vector_offset; if (section->size - constant_pool_offset < 4
if (adr < constant_pool || adr >= section->start + section->size - 3) || cu_vector_offset > section->size - constant_pool_offset - 4)
{ {
printf (_("<invalid CU vector offset: %x>\n"), cu_vector_offset); printf (_("<invalid CU vector offset: %x>\n"), cu_vector_offset);
warn (_("Corrupt CU vector offset of 0x%x found for symbol table slot %d\n"), warn (_("Corrupt CU vector offset of 0x%x found for symbol table slot %d\n"),
@ -10184,12 +10182,10 @@ display_gdb_index (struct dwarf_section *section,
continue; continue;
} }
num_cus = byte_get_little_endian (adr, 4); num_cus = byte_get_little_endian (constant_pool + cu_vector_offset, 4);
adr = constant_pool + cu_vector_offset + 4 + num_cus * 4; if ((uint64_t) num_cus * 4 > section->size - (constant_pool_offset
if (num_cus * 4 < num_cus + cu_vector_offset + 4))
|| adr >= section->start + section->size
|| adr < constant_pool)
{ {
printf ("<invalid number of CUs: %d>\n", num_cus); printf ("<invalid number of CUs: %d>\n", num_cus);
warn (_("Invalid number of CUs (0x%x) for symbol table slot %d\n"), warn (_("Invalid number of CUs (0x%x) for symbol table slot %d\n"),