espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-27 22:48:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

asan: heap buffer overflow in dwarf2_directive_filename

Browse Source 
Seen with .file 4294967289 "xxx.c"

	* dwarf2dbg.c (assign_file_to_slot): Catch more cases of integer
	overflow.  Make param i an unsigned int.
This commit is contained in:
Alan Modra
2022-06-01 17:44:41 +09:30
parent b3abcebcae
commit 6f87d3fd27
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
gas/dwarf2dbg.c
View File

@ -679,7 +679,7 @@ get_directory_table_entry (const char *dirname,
}
static bool
assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
assign_file_to_slot (unsigned int i, const char *file, unsigned int dir)
{
if (i >= files_allocated)
{
@ -687,9 +687,11 @@ assign_file_to_slot (unsigned long i, const char *file, unsigned int dir)
files_allocated = i + 32;
/* Catch wraparound. */
if (files_allocated <= old)
if (files_allocated < old
|| files_allocated < i
|| files_allocated > UINT_MAX / sizeof (struct file_entry))
{
as_bad (_("file number %lu is too big"), (unsigned long) i);
as_bad (_("file number %u is too big"), i);
return false;
}