diff options
| author |   Nick Clifton <nickc@redhat.com> | 2018-04-17 12:35:55 +0100 |
|---|---|---|
| committer |   Andreas K. Hüttel <dilfridge@gentoo.org> | 2018-12-04 23:54:58 +0100 |
| commit | b555d9c6d509d82e733942d4038ea58df53400b7 (patch) | |
| tree | 735f2b3a03366616df7f4b44adf75fa6538c482e | |
| parent | Add a check for a NULL table pointer before attempting to compute a DWARF fil... (diff) | |
| download | binutils-gdb-gentoo/binutils-2.30.tar.gz binutils-gdb-gentoo/binutils-2.30.tar.bz2 binutils-gdb-gentoo/binutils-2.30.zip | |
Fix illegal memory access when parsing corrupt DWARF information.gentoo/binutils-2.30
PR 23064
* dwarf.c (process_cu_tu_index): Test for a potential buffer
overrun before copying signature pointer.
(cherry picked from commit 6aea08d9f3e3d6475a65454da488a0c51f5dc97d)
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
| -rw-r--r-- | binutils/dwarf.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 2b32ed68c5a..d6d852b03ea 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) } if (!do_display) - memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); + { + size_t num_copy = sizeof (uint64_t); + + /* PR 23064: Beware of buffer overflow. */ + if (ph + num_copy < limit) + memcpy (&this_set[row - 1].signature, ph, num_copy); + else + { + warn (_("Signature (%p) extends beyond end of space in section\n"), ph); + return 0; + } + } prow = poffsets + (row - 1) * ncols * 4; /* PR 17531: file: b8ce60a8. */ |