espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-24 12:23:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

Avoid possible pointer wrap

Browse Source 
PTR supplied to these macros can be read from user input, END is an
end of buffer pointer.  It's safer to do arithmetic on END than on PTR.

	* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
	END rather than adding amount to PTR.
	(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
This commit is contained in:
Alan Modra
2021-05-10 09:56:43 +09:30
parent 400f0c9b88
commit 2d4b49864e
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
binutils/dwarf.c
View File

@ -406,7 +406,7 @@ read_leb128 (unsigned char *data,
amount, (int) sizeof (VAL)); \
amount = sizeof (VAL); \
} \
if (((PTR) + amount) >= (END)) \
if ((PTR) >= (END) - amount) \
{ \
if ((PTR) < (END)) \
amount = (END) - (PTR); \
@ -434,7 +434,7 @@ read_leb128 (unsigned char *data,
do \
{ \
unsigned int amount = (AMOUNT); \
if (((PTR) + amount) >= (END)) \
if ((PTR) >= (END) - amount) \
{ \
if ((PTR) < (END)) \
amount = (END) - (PTR); \
@ -460,7 +460,7 @@ read_leb128 (unsigned char *data,
#define SAFE_BYTE_GET64(PTR, HIGH, LOW, END) \
do \
{ \
if (((PTR) + 8) <= (END)) \
if ((PTR) <= (END) - 8) \
{ \
byte_get_64 ((PTR), (HIGH), (LOW)); \
} \