diff options
| author | Nathan Sidwell <nathan@codesourcery.com> | 2007-01-31 08:42:45 +0000 |
|---|---|---|
| committer | Nathan Sidwell <nathan@codesourcery.com> | 2007-01-31 08:42:45 +0000 |
| commit | 460c89ff017f1adc9d301997c62c962a10aa2e36 (patch) | |
| tree | 65afdea2a4ca307ab197346ddf56d3cc3de0dbe4 | |
| parent | c9b57b7eb84ac2bf9020ad0cf9d9b65416e6b112 (diff) | |
| download | binutils-gdb-460c89ff017f1adc9d301997c62c962a10aa2e36.tar.gz | |
* dwarf.c (process_debug_info): Protect against bogus length and
abbrev offsets.
| -rw-r--r-- | binutils/ChangeLog | 5 | ||||
| -rw-r--r-- | binutils/dwarf.c | 27 |
2 files changed, 24 insertions, 8 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 5f99b214231..277083f6b21 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,8 @@ +2007-01-31 Nathan Sidwell <nathan@codesourcery.com> + + * dwarf.c (process_debug_info): Protect against bogus length and + abbrev offsets. + 2007-01-25 Kazu Hirata <kazu@codesourcery.com> * ar.c (print_contents, extract_file): Cast the return value diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 117d2a573e5..fe75b63a51f 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -1604,7 +1604,6 @@ process_debug_info (struct dwarf_section *section, void *file, hdrptr += 2; cu_offset = start - section_begin; - start += compunit.cu_length + initial_length_size; cu_abbrev_offset_ptr = hdrptr; compunit.cu_abbrev_offset = byte_get (hdrptr, offset_size); @@ -1628,8 +1627,6 @@ process_debug_info (struct dwarf_section *section, void *file, debug_information [unit].num_range_lists = 0; } - tags = hdrptr; - if (!do_loc) { printf (_(" Compilation Unit @ offset 0x%lx:\n"), cu_offset); @@ -1639,6 +1636,16 @@ process_debug_info (struct dwarf_section *section, void *file, printf (_(" Pointer Size: %d\n"), compunit.cu_pointer_size); } + if (cu_offset + compunit.cu_length + initial_length_size + > section->size) + { + warn (_("Debug info is corrupted, length is invalid (section is %lu bytes)\n"), + (unsigned long)section->size); + break; + } + tags = hdrptr; + start += compunit.cu_length + initial_length_size; + if (compunit.cu_version != 2 && compunit.cu_version != 3) { warn (_("Only version 2 and 3 DWARF debug information is currently supported.\n")); @@ -1649,11 +1656,15 @@ process_debug_info (struct dwarf_section *section, void *file, /* Process the abbrevs used by this compilation unit. DWARF sections under Mach-O have non-zero addresses. */ - process_abbrev_section - ((unsigned char *) debug_displays [abbrev].section.start - + compunit.cu_abbrev_offset - debug_displays [abbrev].section.address, - (unsigned char *) debug_displays [abbrev].section.start - + debug_displays [abbrev].section.size); + if (compunit.cu_abbrev_offset >= debug_displays [abbrev].section.size) + warn (_("Debug info is corrupted, abbrev offset is invalid (section is %lu bytes)\n"), + (unsigned long)debug_displays [abbrev].section.size); + else + process_abbrev_section + ((unsigned char *) debug_displays [abbrev].section.start + + compunit.cu_abbrev_offset - debug_displays [abbrev].section.address, + (unsigned char *) debug_displays [abbrev].section.start + + debug_displays [abbrev].section.size); level = 0; while (tags < start) |