This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
[gold commit] Fix segfault when reading corrupt .debug_pubnames table
- From: Cary Coutant <ccoutant at google dot com>
- To: Binutils <binutils at sourceware dot org>
- Date: Mon, 9 Jun 2014 14:53:17 -0700
- Subject: [gold commit] Fix segfault when reading corrupt .debug_pubnames table
Sometimes, GCC will produce a .debug_pubnames unit_length field that is
too large, and gold will try to read name entries beyond the end of the
section. This patch adds an extra check to prevent that from happening.
-cary
2014-06-09 Cary Coutant <ccoutant@google.com>
gold/
* dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that
unit_length is within section bounds.
diff --git a/gold/dwarf_reader.cc b/gold/dwarf_reader.cc
index df14bd5..30aea10 100644
--- a/gold/dwarf_reader.cc
+++ b/gold/dwarf_reader.cc
@@ -580,6 +580,12 @@ Dwarf_pubnames_table::read_header(off_t offset)
}
this->end_of_table_ = pinfo + unit_length;
+ // If unit_length is too big, maybe we should reject the whole table,
+ // but in cases we know about, it seems OK to assume that the table
+ // is valid through the actual end of the section.
+ if (this->end_of_table_ > this->buffer_end_)
+ this->end_of_table_ = this->buffer_end_;
+
// Check the version.
unsigned int version = this->dwinfo_->read_from_pointer<16>(pinfo);
pinfo += 2;
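Review bot: the new check `if (this->end_of_table_ > this->buffer_end_)` runs only after `this->end_of_table_ = pinfo + unit_length;` has already formed the out-of-range pointer; because `unit_length` is read from the section contents, a huge value can wrap that addition (and forming a pointer past the end of the buffer is undefined behaviour in C++ in any case), so the comparison should be made on lengths before the addition, for example `if (unit_length > static_cast<size_t>(this->buffer_end_ - pinfo))` with the clamp applied in that branch. The clamp also only establishes `end_of_table_ <= buffer_end_`, while the following `this->dwinfo_->read_from_pointer<16>(pinfo)` and `pinfo += 2;` still assume at least two bytes remain; given that the table is already known to be malformed when the clamp fires, it would be worth confirming that `this->end_of_table_ - pinfo` covers the header fields before reading them.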