X-Git-Url: http://git.efficios.com/?a=blobdiff_plain;f=bfd%2Fdwarf1.c;h=1fd21e32ede5120061a2d2179129e1d89ebbc1dd;hb=2480b6fa946bb2d2dc993b1c4a83a8e1258a75e8;hp=37d0e8200654034781e501c37e3544fff541401c;hpb=2571583aed598dd3f9651b53434e5f177a0e3cf7;p=deliverable%2Fbinutils-gdb.git diff --git a/bfd/dwarf1.c b/bfd/dwarf1.c index 37d0e82006..1fd21e32ed 100644 --- a/bfd/dwarf1.c +++ b/bfd/dwarf1.c @@ -1,5 +1,5 @@ /* DWARF 1 find nearest line (_bfd_dwarf1_find_nearest_line). - Copyright (C) 1998-2017 Free Software Foundation, Inc. + Copyright (C) 1998-2019 Free Software Foundation, Inc. Written by Gavin Romig-Koch of Cygnus Solutions (gavin@cygnus.com). @@ -178,10 +178,10 @@ alloc_dwarf1_func (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) Return FALSE if the die is invalidly formatted; TRUE otherwise. */ static bfd_boolean -parse_die (bfd * abfd, +parse_die (bfd * abfd, struct die_info * aDieInfo, - bfd_byte * aDiePtr, - bfd_byte * aDiePtrEnd) + bfd_byte * aDiePtr, + bfd_byte * aDiePtrEnd) { bfd_byte *this_die = aDiePtr; bfd_byte *xptr = this_die; @@ -189,11 +189,14 @@ parse_die (bfd * abfd, memset (aDieInfo, 0, sizeof (* aDieInfo)); /* First comes the length. */ - aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr); + if (xptr + 4 > aDiePtrEnd) + return FALSE; + aDieInfo->length = bfd_get_32 (abfd, xptr); xptr += 4; if (aDieInfo->length == 0 - || (this_die + aDieInfo->length) >= aDiePtrEnd) + || this_die + aDieInfo->length > aDiePtrEnd) return FALSE; + aDiePtrEnd = this_die + aDieInfo->length; if (aDieInfo->length < 6) { /* Just padding bytes. */ @@ -202,18 +205,21 @@ parse_die (bfd * abfd, } /* Then the tag. */ - aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr); + if (xptr + 2 > aDiePtrEnd) + return FALSE; + aDieInfo->tag = bfd_get_16 (abfd, xptr); xptr += 2; /* Then the attributes. */ - while (xptr < (this_die + aDieInfo->length)) + while (xptr + 2 <= aDiePtrEnd) { + unsigned int block_len; unsigned short attr; /* Parse the attribute based on its form. This section - must handle all dwarf1 forms, but need only handle the + must handle all dwarf1 forms, but need only handle the actual attributes that we care about. */ - attr = bfd_get_16 (abfd, (bfd_byte *) xptr); + attr = bfd_get_16 (abfd, xptr); xptr += 2; switch (FORM_FROM_ATTR (attr)) @@ -223,12 +229,15 @@ parse_die (bfd * abfd, break; case FORM_DATA4: case FORM_REF: - if (attr == AT_sibling) - aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr); - else if (attr == AT_stmt_list) + if (xptr + 4 <= aDiePtrEnd) { - aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr); - aDieInfo->has_stmt_list = 1; + if (attr == AT_sibling) + aDieInfo->sibling = bfd_get_32 (abfd, xptr); + else if (attr == AT_stmt_list) + { + aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr); + aDieInfo->has_stmt_list = 1; + } } xptr += 4; break; @@ -236,22 +245,41 @@ parse_die (bfd * abfd, xptr += 8; break; case FORM_ADDR: - if (attr == AT_low_pc) - aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); - else if (attr == AT_high_pc) - aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr); + if (xptr + 4 <= aDiePtrEnd) + { + if (attr == AT_low_pc) + aDieInfo->low_pc = bfd_get_32 (abfd, xptr); + else if (attr == AT_high_pc) + aDieInfo->high_pc = bfd_get_32 (abfd, xptr); + } xptr += 4; break; case FORM_BLOCK2: - xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr); + if (xptr + 2 <= aDiePtrEnd) + { + block_len = bfd_get_16 (abfd, xptr); + if (xptr + block_len > aDiePtrEnd + || xptr + block_len < xptr) + return FALSE; + xptr += block_len; + } + xptr += 2; break; case FORM_BLOCK4: - xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr); + if (xptr + 4 <= aDiePtrEnd) + { + block_len = bfd_get_32 (abfd, xptr); + if (xptr + block_len > aDiePtrEnd + || xptr + block_len < xptr) + return FALSE; + xptr += block_len; + } + xptr += 4; break; case FORM_STRING: if (attr == AT_name) aDieInfo->name = (char *) xptr; - xptr += strlen ((char *) xptr) + 1; + xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1; break; } } @@ -290,7 +318,7 @@ parse_line_table (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) } xptr = stash->line_section + aUnit->stmt_list_offset; - if (xptr < stash->line_section_end) + if (xptr + 8 <= stash->line_section_end) { unsigned long eachLine; bfd_byte *tblend; @@ -312,12 +340,17 @@ parse_line_table (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) /* Allocate an array for the entries. */ amt = sizeof (struct linenumber) * aUnit->line_count; aUnit->linenumber_table = (struct linenumber *) bfd_alloc (stash->abfd, - amt); + amt); if (!aUnit->linenumber_table) return FALSE; for (eachLine = 0; eachLine < aUnit->line_count; eachLine++) { + if (xptr + 10 > stash->line_section_end) + { + aUnit->line_count = eachLine; + break; + } /* A line number. */ aUnit->linenumber_table[eachLine].linenumber = bfd_get_32 (stash->abfd, (bfd_byte *) xptr); @@ -348,7 +381,7 @@ parse_functions_in_unit (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit) if (aUnit->first_child) for (eachDie = aUnit->first_child; - eachDie < stash->debug_section_end; + eachDie < stash->debug_section_end; ) { struct die_info eachDieInfo; @@ -539,9 +572,9 @@ _bfd_dwarf1_find_nearest_line (bfd *abfd, not it's sibling. */ if (aDieInfo.sibling && stash->currentDie + aDieInfo.length - < stash->debug_section_end + < stash->debug_section_end && stash->currentDie + aDieInfo.length - != stash->debug_section + aDieInfo.sibling) + != stash->debug_section + aDieInfo.sibling) aUnit->first_child = stash->currentDie + aDieInfo.length; else aUnit->first_child = 0;