Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

PR29893, buffer overflow in display_debug_addr

Browse Source 
PR 29893
	* dwarf.c (display_debug_addr): Sanity check dwarf5 unit_length
	field.  Don't read past end.
This commit is contained in:
Alan Modra
2022-12-13 00:27:11 +10:30
parent 67a8c89601
commit c8628c770b
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
binutils/dwarf.c
View File

@@ -7731,8 +7731,13 @@ display_debug_addr (struct dwarf_section *section,
SAFE_BYTE_GET_AND_INC (length, curr_header, 4, entry);
if (length == 0xffffffff)
SAFE_BYTE_GET_AND_INC (length, curr_header, 8, entry);
if (length > (size_t) (section->start + section->size - curr_header))
{
warn (_("Corrupt %s section: unit_length field of %#" PRIx64
" too large\n"), section->name, length);
return 0;
}
end = curr_header + length;
SAFE_BYTE_GET_AND_INC (version, curr_header, 2, entry);
if (version != 5)
warn (_("Corrupt %s section: expecting version number 5 in header but found %d instead\n"),
@@ -7746,7 +7751,7 @@ display_debug_addr (struct dwarf_section *section,
end = section->start + debug_addr_info [i + 1]->addr_base;
header = end;
idx = 0;
while (entry < end)
while ((size_t) (end - entry) >= address_size)
{
uint64_t base = byte_get (entry, address_size);
printf (_("\t%d:\t"), idx);