aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2018-04-17 12:35:55 +0100
committerAndreas K. Hüttel <dilfridge@gentoo.org>2018-12-04 23:54:58 +0100
commitb555d9c6d509d82e733942d4038ea58df53400b7 (patch)
tree735f2b3a03366616df7f4b44adf75fa6538c482e
parentAdd a check for a NULL table pointer before attempting to compute a DWARF fil... (diff)
downloadbinutils-gdb-gentoo/binutils-2.30.tar.gz
binutils-gdb-gentoo/binutils-2.30.tar.bz2
binutils-gdb-gentoo/binutils-2.30.zip
Fix illegal memory access when parsing corrupt DWARF information.gentoo/binutils-2.30
PR 23064 * dwarf.c (process_cu_tu_index): Test for a potential buffer overrun before copying signature pointer. (cherry picked from commit 6aea08d9f3e3d6475a65454da488a0c51f5dc97d) Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
-rw-r--r--binutils/dwarf.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2b32ed68c5..d6d852b03e 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
}
if (!do_display)
- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
+ {
+ size_t num_copy = sizeof (uint64_t);
+
+ /* PR 23064: Beware of buffer overflow. */
+ if (ph + num_copy < limit)
+ memcpy (&this_set[row - 1].signature, ph, num_copy);
+ else
+ {
+ warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
+ return 0;
+ }
+ }
prow = poffsets + (row - 1) * ncols * 4;
/* PR 17531: file: b8ce60a8. */