OpenE2K/binutils-gdb
12
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix address violations when parsing a corrupt DWARF linenumber table.

Browse Source 
PR 22154
	* dwarf.c (get_line_filename_and_dirname): Add extra checks for
	buffer overruns.
This commit is contained in:
Nick Clifton 2017-09-26 12:14:42 +01:00
parent 28d810f7ff
commit 5c1c468d0e
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
binutils/ChangeLog
View File

@ -1,3 +1,9 @@
2017-09-26 Nick Clifton <nickc@redhat.com>
PR 22154
* dwarf.c (get_line_filename_and_dirname): Add extra checks for
buffer overruns.
2017-09-26 Nick Clifton <nickc@redhat.com>
* README-how-to-make-a-release: New file.

21
binutils/dwarf.c
View File

@ -4742,13 +4742,21 @@ get_line_filename_and_dirname (dwarf_vma line_offset,
return NULL;
hdrptr += opcode_base - 1;
if (hdrptr >= end)
return NULL;
dirtable = hdrptr;
/* Skip over dirname table. */
while (*hdrptr != '\0')
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
{
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
if (hdrptr >= end)
return NULL;
}
hdrptr++; /* Skip the NUL at the end of the table. */
/* Now skip over preceding filename table entries. */
for (; *hdrptr != '\0' && fileidx > 1; fileidx--)
for (; hdrptr < end && *hdrptr != '\0' && fileidx > 1; fileidx--)
{
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
read_uleb128 (hdrptr, &bytes_read, end);
@ -4758,16 +4766,19 @@ get_line_filename_and_dirname (dwarf_vma line_offset,
read_uleb128 (hdrptr, &bytes_read, end);
hdrptr += bytes_read;
}
if (hdrptr == end || *hdrptr == '\0')
if (hdrptr >= end || *hdrptr == '\0')
return NULL;
file_name = hdrptr;
hdrptr += strnlen ((char *) hdrptr, end - hdrptr) + 1;
if (hdrptr >= end)
return NULL;
diridx = read_uleb128 (hdrptr, &bytes_read, end);
if (diridx == 0)
return file_name;
for (; *dirtable != '\0' && diridx > 1; diridx--)
for (; dirtable < end && *dirtable != '\0' && diridx > 1; diridx--)
dirtable += strnlen ((char *) dirtable, end - dirtable) + 1;
if (*dirtable == '\0')
if (dirtable >= end || *dirtable == '\0')
return NULL;
*dir_name = dirtable;
return file_name;