Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2026-02-05 12:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

PR 33639 .debug_loclists output

Browse Source 
The fuzzed testcase in this PR prints an almost endless table of
offsets, due to a bogus offset count.  Limit that count, and the total
length too.

	PR 33639
	* dwarf.c (display_loclists_unit_header): Return error on
	length too small to read header.  Limit length to section
	size.  Limit offset count similarly.
This commit is contained in:
Alan Modra
2025-11-22 09:52:18 +10:30
parent 598704a00c
commit 455446bbdc
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
binutils/dwarf.c
View File

@@ -7255,8 +7255,6 @@ display_loclists_unit_header (struct dwarf_section * section,
bool is_64bit;
uint32_t i;
printf (_("Table at Offset %#" PRIx64 "\n"), header_offset);
SAFE_BYTE_GET_AND_INC (length, start, 4, end);
if (length == 0xffffffff)
{
@@ -7265,6 +7263,11 @@ display_loclists_unit_header (struct dwarf_section * section,
}
else
is_64bit = false;
if (length < 8)
return (uint64_t) -1;
printf (_("Table at Offset %#" PRIx64 "\n"), header_offset);
header_offset = start - section->start;
SAFE_BYTE_GET_AND_INC (version, start, 2, end);
SAFE_BYTE_GET_AND_INC (address_size, start, 1, end);
@@ -7277,15 +7280,21 @@ display_loclists_unit_header (struct dwarf_section * section,
printf (_(" Segment size: %u\n"), segment_selector_size);
printf (_(" Offset entries: %u\n"), *offset_count);
if (length > section->size - header_offset)
length = section->size - header_offset;
if (segment_selector_size != 0)
{
warn (_("The %s section contains an "
"unsupported segment selector size: %d.\n"),
section->name, segment_selector_size);
return (uint64_t)-1;
return (uint64_t) -1;
}
if ( *offset_count)
uint64_t max_off_count = length >> (is_64bit ? 3 : 2);
if (*offset_count > max_off_count)
*offset_count = max_off_count;
if (*offset_count)
{
printf (_("\n Offset Entries starting at %#tx:\n"),
start - section->start);
@@ -7302,8 +7311,7 @@ display_loclists_unit_header (struct dwarf_section * section,
putchar ('\n');
*loclists_start = start;
/* The length field doesn't include the length field itself. */
return header_offset + length + (is_64bit ? 12 : 4);
return header_offset + length;
}
static int