From f641dd969f91a83adf319b269c2411141b0a26a9 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 13 Feb 2015 11:13:20 +0000
Subject: [PATCH] Fix mistake in recent code to check for an unterminated leb128 number.
* dwarf.c (read_leb128): Fix test for shift becoming too large.
---
 binutils/coffgrok.c | 7 ++++++-
 binutils/dwarf.c | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/binutils/coffgrok.c b/binutils/coffgrok.c
index 5dc9558078..2bbfdc45b4 100644
--- a/binutils/coffgrok.c
+++ b/binutils/coffgrok.c
@@ -668,8 +668,13 @@ do_define (unsigned int i, struct coff_scope *b)
 if (!is->init)
 {
+ long high = s->where->offset + s->type->size;
+
 is->low = s->where->offset;
- is->high = s->where->offset + s->type->size;
+ is->high = high;
+ /* PR 17512: file: 37e7a80d. */
+ if (is->high != high)
+ fatal (_("Out of range type size: %u"), s->type->size);
 is->init = 1;
 is->parent = s->where->section;
 }
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index dad381f349..936f63438e 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -284,7 +284,7 @@ read_leb128 (unsigned char *data,
 /* PR 17512: file: 0ca183b8. FIXME: Should we signal this error somehow ? */
- if (shift >= sizeof (result))
+ if (shift >= sizeof (result) * 8)
 break;
 }
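Review bot: The truncation test `if (is->high != high)` only detects an out-of-range value after the narrowing store has already happened, and it depends on the implementation-defined result of converting an oversized `long` into the type of `is->high`; checking the range before assigning is more direct, e.g. if `is->high` is an `int`, `if (high > INT_MAX || high < INT_MIN) fatal (_("Out of range type size: %u"), s->type->size);` ahead of `is->high = high;` (needs `<limits.h>`). The neighbouring `is->low = s->where->offset;` performs the same kind of narrowing with no check, so an offset that does not fit `is->low` is still accepted silently when `high` happens to fit — inferred, since the field types are not visible in the hunk. The `%u` in the fatal message assumes `s->type->size` is an `unsigned int`; confirm against the struct definition, as a mismatch would be undefined behaviour in the diagnostic itself. The body of do_define continues outside the hunk.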
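Review bot: The new bound `sizeof (result) * 8` hard-codes the byte width; the portable spelling is `if (shift >= sizeof (result) * CHAR_BIT)` with `<limits.h>` included. Because the loop only breaks once `shift` has already reached the full width, the final accepted byte can be shifted by up to width minus one and its high bits are silently discarded rather than reported — inferred, as the `result |=` line and the declarations of `shift` and `result` lie outside the hunk. If callers need to distinguish a well-formed value from one that was cut off by this bound, a caller-visible status or an explicit maximum byte count (10 for a 64-bit value) would make the condition detectable instead of merely terminating the loop. read_leb128 begins outside the hunk.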