This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.



[binutils-gdb] Prevent a buffer overrun when parsing corrupt STABS debug information.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e45ad1239d7d8591d5e80d8cbba7d404c6c3640f

commit e45ad1239d7d8591d5e80d8cbba7d404c6c3640f
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Mar 13 17:03:04 2018 +0000

    Prevent a buffer overrun when parsing corrupt STABS debug information.
    
    	PR 22957
    	* stabs.c (pop_binincl): Fail if the file index is off the end of
    	the stack.

Diff:
---
 binutils/ChangeLog | 7 +++++++
 binutils/stabs.c   | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index aab8cf6..233d5cb 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
 2018-03-13  Nick Clifton  <nickc@redhat.com>
 
+	PR 22957
+	* stabs.c (pop_binincl): Fail if the file index is off the end of
+	the stack.
+
+2018-03-13  Nick Clifton  <nickc@redhat.com>
+
 	PR 22955
 	* stabs.c (parse_number): Add p_end parameter and use it to check
 	the validity of the pp parameter.  Add checks to prevent walking
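Review bot: the function name in the new ChangeLog entry, pop_binincl, does not match the function the stabs.c hunk header names, pop_bincl. Anyone searching the ChangeLog for the function that received the bounds check will miss this entry; the entry should read "* stabs.c (pop_bincl): ...".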
@@ -19,6 +25,7 @@
 	(parse_stab_members): Likewise.
 	(parse_stab_tilde_field): Likewise.
 	(parse_stab_array_type): Likewise.
+
 	* parse_stab: Compute the end of the string and then pass it on to
 	individual parser functions.
 
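Review bot: the blank line added before "* parse_stab:" changes the existing PR 22955 entry, not the new PR 22957 one, and nothing in the commit message covers it. If the intent is to tidy that entry, it belongs in a separate cleanup commit so this security fix stays minimal and easy to backport.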
diff --git a/binutils/stabs.c b/binutils/stabs.c
index 807ca1e..bf53607 100644
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -449,7 +449,6 @@ parse_stab (void *dhandle, void *handle, int type, int desc, bfd_vma value,
       info->file_types = ((struct stab_types **)
 			  xmalloc (sizeof *info->file_types));
       info->file_types[0] = NULL;
-
       info->so_string = NULL;
 
       /* Now process whatever type we just got.  */
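Review bot: the blank line removed after "info->file_types[0] = NULL;" in parse_stab is whitespace-only and unrelated to the pop_bincl fix; it is also not listed in the ChangeLog entry. Dropping it from this patch would keep the diff for PR 22957 limited to the bounds check.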
@@ -3326,6 +3325,9 @@ pop_bincl (struct stab_handle *info)
     return info->main_filename;
   info->bincl_stack = o->next_stack;
 
+  if (o->file >= info->files)
+    return info->main_filename;
+
   o->file_types = info->file_types[o->file];
 
   if (info->bincl_stack == NULL)
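Review bot: the new "if (o->file >= info->files)" branch returns info->main_filename, the same value as the early return just above it, so a caller cannot tell a corrupt file index from the ordinary case, and it runs after "info->bincl_stack = o->next_stack;" has already popped the entry. The ChangeLog says "Fail", so a diagnostic at this point would make the corrupt input visible to the user. The declarations of o->file and info->files are not shown in this hunk; if o->file is a signed type, a negative index would pass this comparison and still reach info->file_types[o->file], so it is worth confirming both are unsigned or adding a lower-bound test.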

