Fix potential illegal memory accesses when parsing corrupt DWARF data.

PR 29914
	* dwarf.c (fetch_indexed_value): Fail if the section is not big
	enough to contain a header size field.
	(display_debug_addr): Fail if the computed address size is too big
	or too small.
This commit is contained in:
Nick Clifton
2022-12-19 11:13:46 +00:00
parent d14b3ea1c8
commit 42f39fdedc
2 changed files with 22 additions and 0 deletions

View File

@ -1,3 +1,11 @@
2022-12-19 Nick Clifton <nickc@redhat.com>
PR 29914
* dwarf.c (fetch_indexed_value): Fail if the section is not big
enough to contain a header size field.
(display_debug_addr): Fail if the computed address size is too big
or too small.
2022-12-16 Nick Clifton <nickc@redhat.com>
PR 29908

View File

@ -739,6 +739,13 @@ fetch_indexed_value (uint64_t idx,
return -1;
}
if (section->size < 4)
{
warn (_("Section %s is too small to contain an value indexed from another section!\n"),
section->name);
return -1;
}
uint32_t pointer_size, bias;
if (byte_get (section->start, 4) == 0xffffffff)
@ -7770,6 +7777,13 @@ display_debug_addr (struct dwarf_section *section,
header = end;
idx = 0;
if (address_size < 1 || address_size > sizeof (uint64_t))
{
warn (_("Corrupt %s section: address size (%x) is wrong"),
section->name, address_size);
return 0;
}
while ((size_t) (end - entry) >= address_size)
{
uint64_t base = byte_get (entry, address_size);