author | Nick Clifton <nickc@redhat.com> | 2017-09-27 10:42:51 +0100 |
---|---|---|
committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2017-10-12 22:53:53 +0200 |
commit | bdad782cff2e62b57ddfa743dca05ff7e7985f62 (patch) | |
tree | da475f352871d12e8c60239a618ed3813413e0ee | |
parent | PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop (diff) | |
Prevent an infinite loop in the DWARF parsing code when encountering a CU structure with a small negative size.
PR 22219
* dwarf.c (process_debug_info): Add a check for a negative
cu_length field.
-rw-r--r-- | binutils/dwarf.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 3842ffdf118..216749351c8 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section *section,
 int level, last_level, saved_level;
 dwarf_vma cu_offset;
 unsigned int offset_size;
- int initial_length_size;
+ unsigned int initial_length_size;
 dwarf_vma signature_high = 0;
 dwarf_vma signature_low = 0;
 dwarf_vma type_offset = 0;
@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section *section,
 num_units = unit;
 break;
 }
+ else if (compunit.cu_length + initial_length_size < initial_length_size)
+ {
+ warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
+ dwarf_vmatoa ("x", cu_offset),
+ dwarf_vmatoa ("x", compunit.cu_length));
+ num_units = unit;
+ break;
+ }
+ tags = hdrptr;
 start += compunit.cu_length + initial_length_size; |
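Review bot: The new guard `else if (compunit.cu_length + initial_length_size < initial_length_size)` in the second hunk is an unsigned-wraparound test, but nothing in the code says so, and the warning's word "negative" suggests a signed comparison. It appears to rely on both operands being unsigned, which is presumably why the first hunk changes `initial_length_size` to `unsigned int`. A comment above the branch would stop a later cleanup from "simplifying" it, for example `/* cu_length is unsigned: a "negative" length makes the sum wrap around and end up below initial_length_size.  */`. The branch only rejects lengths that wrap; whether a large length that does not wrap is bounded against the section size depends on the preceding `if`, which starts outside this hunk. If the same `start += compunit.cu_length + initial_length_size` advance is repeated elsewhere in process_debug_info, that copy needs the same guard, and a corrupted-length input in the testsuite would keep the fix from regressing.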