Fix a potential illegal memory access when displaying corrupt DWARF information.

PR 30312 * dwarf.c (prealloc_cu_tu_list): Always allocate at least one entry.
2025-12-19 01:19:41 +08:00 · 2023-04-11 15:59:07 +01:00
parent 45f5fe468b
commit 688fe114cd
2 changed files with 18 additions and 10 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,9 @@
 2023-04-11  Nick Clifton  <nickc@redhat.com>

+	PR 30312
+	* dwarf.c (prealloc_cu_tu_list): Always allocate at least one
+	entry.
+
 	PR 30311
 	* readelf.c (uncompress_section_contents): Check for a
 	suspiciously large uncompressed size.
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -10733,6 +10733,10 @@ display_gdb_index (struct dwarf_section *section,
 static void
 prealloc_cu_tu_list (unsigned int nshndx)
 {
+  if (nshndx == 0)
+    /* Always allocate at least one entry for the end-marker.  */
+    nshndx = 1;
+
  if (shndx_pool == NULL)
    {
      shndx_pool_size = nshndx;
@@ -10797,7 +10801,7 @@ get_DW_SECT_short_name (unsigned int dw_sect)
   These sections are extensions for Fission.
   See http://gcc.gnu.org/wiki/DebugFissionDWP.  */

-static int
+static bool
 process_cu_tu_index (struct dwarf_section *section, int do_display)
 {
  unsigned char *phdr = section->start;
@@ -10818,14 +10822,14 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
  if (phdr == NULL)
    {
      warn (_("Section %s is empty\n"), section->name);
-      return 0;
+      return false;
    }
  /* PR 17512: file: 002-376-0.004.  */
  if (section->size < 24)
    {
      warn (_("Section %s is too small to contain a CU/TU header\n"),
 	    section->name);
-      return 0;
+      return false;
    }

  phash = phdr;
@@ -10857,7 +10861,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 		      "Section %s is too small for %u slots\n",
 		      nslots),
 	    section->name, nslots);
-      return 0;
+      return false;
    }

  if (version == 1)
@@ -10887,7 +10891,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 		if (shndx_list < ppool)
 		  {
 		    warn (_("Section index pool located before start of section\n"));
-		    return 0;
+		    return false;
 		  }

 		printf (_("  [%3d] Signature:  %#" PRIx64 "  Sections: "),
@@ -10898,7 +10902,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 		      {
 			warn (_("Section %s too small for shndx pool\n"),
 			      section->name);
-			return 0;
+			return false;
 		      }
 		    SAFE_BYTE_GET (shndx, shndx_list, 4, limit);
 		    if (shndx == 0)
@@ -10941,7 +10945,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 	{
 	  warn (_("Section %s too small for offset and size tables\n"),
 		section->name);
-	  return 0;
+	  return false;
 	}

      if (do_display)
@@ -10989,7 +10993,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 		{
 		  warn (_("Row index (%u) is larger than number of used entries (%u)\n"),
 			row, nused);
-		  return 0;
+		  return false;
 		}

 	      if (!do_display)
@@ -11074,7 +11078,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
 			printf ("\n");
 		      warn (_("Too many rows/columns in DWARF index section %s\n"),
 			    section->name);
-		      return 0;
+		      return false;
 		    }

 		  SAFE_BYTE_GET (val, p, 4, limit);
@@ -11106,7 +11110,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
  if (do_display)
      printf ("\n");

-  return 1;
+  return true;
 }

 static int cu_tu_indexes_read = -1; /* Tri-state variable.  */