X-Git-Url: http://git.efficios.com/?a=blobdiff_plain;f=binutils%2Frddbg.c;h=1c2babde9ba6730dff315c3f083e895324a40180;hb=452397af30f68f6d4ed05fa6d9fc30ca70cbe7f9;hp=e977d8b5ef14000697aac3e76d44497cfbf9e7c3;hpb=7806762e81b7e010282cb3022441a80443d07d27;p=deliverable%2Fbinutils-gdb.git

diff --git a/binutils/rddbg.c b/binutils/rddbg.c
index e977d8b5ef..1c2babde9b 100644
--- a/binutils/rddbg.c
+++ b/binutils/rddbg.c
@@ -1,13 +1,12 @@
 /* rddbg.c -- Read debugging information into a generic form.
-   Copyright 1995, 1996, 1997, 2000, 2002, 2003, 2005
-   Free Software Foundation, Inc.
+   Copyright (C) 1995-2015 Free Software Foundation, Inc.
    Written by Ian Lance Taylor <ian@cygnus.com>.
 
    This file is part of GNU Binutils.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
@@ -20,13 +19,15 @@
    Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
    02110-1301, USA.  */
 
+
 /* This file reads debugging information into a generic form.  This
    file knows how to dig the debugging information out of an object
    file.  */
 
+#include "sysdep.h"
 #include "bfd.h"
-#include "bucomm.h"
 #include "libiberty.h"
+#include "bucomm.h"
 #include "debug.h"
 #include "budbg.h"
 
@@ -43,7 +44,7 @@ static void free_saved_stabs (void);
    pointer.  */
 
 void *
-read_debugging_info (bfd *abfd, asymbol **syms, long symcount)
+read_debugging_info (bfd *abfd, asymbol **syms, long symcount, bfd_boolean no_messages)
 {
   void *dhandle;
   bfd_boolean found;
@@ -82,8 +83,9 @@ read_debugging_info (bfd *abfd, asymbol **syms, long symcount)
 
   if (! found)
     {
-      non_fatal (_("%s: no recognized debugging information"),
-		 bfd_get_filename (abfd));
+      if (! no_messages)
+	non_fatal (_("%s: no recognized debugging information"),
+		   bfd_get_filename (abfd));
       return NULL;
     }
 
@@ -137,7 +139,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
 	    }
 
 	  strsize = bfd_section_size (abfd, strsec);
-	  strings = (bfd_byte *) xmalloc (strsize);
+	  strings = (bfd_byte *) xmalloc (strsize + 1);
 	  if (! bfd_get_section_contents (abfd, strsec, strings, 0, strsize))
 	    {
 	      fprintf (stderr, "%s: %s: %s\n",
@@ -145,7 +147,8 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
 		       bfd_errmsg (bfd_get_error ()));
 	      return FALSE;
 	    }
-
+	  /* Zero terminate the strings table, just in case.  */
+	  strings [strsize] = 0;
 	  if (shandle == NULL)
 	    {
 	      shandle = start_stab (dhandle, abfd, TRUE, syms, symcount);
@@ -157,11 +160,12 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
 
 	  stroff = 0;
 	  next_stroff = 0;
-	  for (stab = stabs; stab < stabs + stabsize; stab += 12)
+	  /* PR 17512: file: 078-60391-0.001:0.1.  */
+	  for (stab = stabs; stab <= (stabs + stabsize) - 12; stab += 12)
 	    {
 	      unsigned int strx;
 	      int type;
-	      int other;
+	      int other ATTRIBUTE_UNUSED;
 	      int desc;
 	      bfd_vma value;
 
@@ -182,33 +186,43 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
 		}
 	      else
 		{
+		  size_t len;
 		  char *f, *s;
 
-		  f = NULL;
-
-		  if (stroff + strx > strsize)
+		  if (stroff + strx >= strsize)
 		    {
-		      fprintf (stderr, "%s: %s: stab entry %ld is corrupt, strx = 0x%x, type = %d\n",
+		      fprintf (stderr, _("%s: %s: stab entry %ld is corrupt, strx = 0x%x, type = %d\n"),
 			       bfd_get_filename (abfd), names[i].secname,
 			       (long) (stab - stabs) / 12, strx, type);
 		      continue;
 		    }
 
 		  s = (char *) strings + stroff + strx;
+		  f = NULL;
 
-		  while (s[strlen (s) - 1] == '\\'
+		  /* PR 17512: file: 002-87578-0.001:0.1.
+		     It is possible to craft a file where, without the 'strlen (s) > 0',
+		     an attempt to read the byte before 'strings' would occur.  */
+		  while ((len = strlen (s)) > 0
+			 && s[len  - 1] == '\\'
 			 && stab + 12 < stabs + stabsize)
 		    {
 		      char *p;
 
 		      stab += 12;
-		      p = s + strlen (s) - 1;
+		      p = s + len - 1;
 		      *p = '\0';
-		      s = concat (s,
-				  ((char *) strings
-				   + stroff
-				   + bfd_get_32 (abfd, stab)),
-				  (const char *) NULL);
+		      strx = stroff + bfd_get_32 (abfd, stab);
+		      if (strx >= strsize)
+			{
+			  fprintf (stderr, _("%s: %s: stab entry %ld is corrupt\n"),
+				   bfd_get_filename (abfd), names[i].secname,
+				   (long) (stab - stabs) / 12);
+			  break;
+			}
+		      else
+			s = concat (s, (char *) strings + strx,
+				    (const char *) NULL);
 
 		      /* We have to restore the backslash, because, if
 			 the linker is hashing stabs strings, we may