Fix an attempt to allocate an excessive amount of memory when parsing a corrupt DWARF...
authorNick Clifton <nickc@redhat.com>
Tue, 11 Apr 2023 15:14:23 +0000 (16:14 +0100)
committerNick Clifton <nickc@redhat.com>
Tue, 11 Apr 2023 15:14:23 +0000 (16:14 +0100)
  PR 30313
  * dwarf.c (display_debug_lines_decoded): Check for an overlarge number of files or directories.

binutils/ChangeLog
binutils/dwarf.c

index 285b90c2a6870d24650474e852b02caff8af6997..59ab08a26e657046fbbafebd0b4ce60ed5e4f40a 100644 (file)
@@ -1,5 +1,9 @@
 2023-04-11  Nick Clifton  <nickc@redhat.com>
 
+       PR 30313
+       * dwarf.c (display_debug_lines_decoded): Check for an overlarge
+       number of files or directories.
+
        PR 30312
        * dwarf.c (prealloc_cu_tu_list): Always allocate at least one
        entry.
index ab0a3caf632bb2de7a03e3e7893b43efc6c43ee1..f6ff238d3cb847f4d36dbb6a4b60d25fd5c44f7d 100644 (file)
@@ -4997,6 +4997,12 @@ display_debug_lines_decoded (struct dwarf_section *  section,
 
              if (n_directories == 0)
                directory_table = NULL;
+             else if (n_directories > section->size)
+               {
+                 warn (_("number of directories (0x%x) exceeds size of section %s\n"),
+                       n_directories, section->name);
+                 return 0;
+               }
              else
                directory_table = (char **)
                  xcalloc (n_directories, sizeof (unsigned char *));
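Review bot: The new guard `else if (n_directories > section->size)` compares the count with the size of the whole section rather than with the bytes still unread at this point, so a corrupt header can still make `xcalloc` request up to `section->size * sizeof (unsigned char *)` bytes. Each directory entry presumably takes at least one byte of input, so bounding the count by the remaining length would be tighter, for example `else if (n_directories > (size_t) (end - data))`, assuming an end-of-section pointer such as `end` is in scope next to `data`. The same applies to the `n_files` check later in this function, where the multiplier is `sizeof (File_Entry)`. The function starts and ends outside the hunk, so it cannot be confirmed from here whether `return 0` skips cleanup that the normal exit path performs.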
@@ -5055,6 +5061,7 @@ display_debug_lines_decoded (struct dwarf_section *  section,
              if (do_checks && format_count > 5)
                warn (_("Unexpectedly large number of columns in the file name table (%u)\n"),
                      format_count);
+
              format_start = data;
              for (formati = 0; formati < format_count; formati++)
                {
@@ -5071,6 +5078,12 @@ display_debug_lines_decoded (struct dwarf_section *  section,
 
              if (n_files == 0)
                file_table = NULL;
+             else if (n_files > section->size)
+               {
+                 warn (_("number of files (0x%x) exceeds size of section %s\n"),
+                       n_files, section->name);
+                 return 0;
+               }
              else
                file_table = (File_Entry *) xcalloc (n_files,
                                                     sizeof (File_Entry));
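Review bot: The early `return 0;` in the `n_files` branch exits without releasing `directory_table`, which the earlier hunk allocates with `xcalloc` whenever `n_directories` is non-zero. If `directory_table` is a local that is freed only on the normal exit path (its declaration and the cleanup code are outside this hunk), a corrupt file count leaks the table. Adding `free (directory_table);` before `return 0;` would cover this, provided the table's entries are not separately allocated. As a documentation point, a short comment such as `/* Each file entry needs at least one byte, so the count cannot exceed the section size.  */` above the check would record why `section->size` is the chosen bound.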