From patchwork Mon Feb 13 12:38:30 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 56267
Date: Mon, 13 Feb 2023 23:08:30 +1030
To: binutils@sourceware.org
Subject: _bfd_ecoff_slurp_symbol_table buffer overflow
From: Alan Modra

Add missing bounds check for local symbols, and tidy the existing
bounds checking.

	* ecoff.c (_bfd_ecoff_slurp_symbol_table): Break overlong lines.
	Set bfd_error.  Bounds check internal_sym.iss.

diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 48f33df630e..7498766dd3f 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -896,9 +896,13 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) (*swap_ext_in) (abfd, (void *) eraw_src, &internal_esym); /* PR 17512: file: 3372-1000-0.004. */ - if (internal_esym.asym.iss >= ecoff_data (abfd)->debug_info.symbolic_header.issExtMax + HDRR *symhdr = &ecoff_data (abfd)->debug_info.symbolic_header; + if (internal_esym.asym.iss >= symhdr->issExtMax || internal_esym.asym.iss < 0) - return false; + { + bfd_set_error (bfd_error_bad_value); + return false; + } internal_ptr->symbol.name = (ecoff_data (abfd)->debug_info.ssext + internal_esym.asym.iss); 
@@ -909,17 +913,13 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) return false; /* The alpha uses a negative ifd field for section symbols. */ - if (internal_esym.ifd >= 0) - { - /* PR 17512: file: 3372-1983-0.004. */ - if (internal_esym.ifd >= ecoff_data (abfd)->debug_info.symbolic_header.ifdMax) - internal_ptr->fdr = NULL; - else - internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr - + internal_esym.ifd); - } - else + /* PR 17512: file: 3372-1983-0.004. */ + if (internal_esym.ifd >= symhdr->ifdMax + || internal_esym.ifd < 0) internal_ptr->fdr = NULL; + else + internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr + + internal_esym.ifd); internal_ptr->local = false; internal_ptr->native = (void *) eraw_src; } @@ -943,6 +943,14 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) SYMR internal_sym; (*swap_sym_in) (abfd, (void *) lraw_src, &internal_sym); + + HDRR *symhdr = &ecoff_data (abfd)->debug_info.symbolic_header; + if (internal_sym.iss >= symhdr->issMax + || internal_sym.iss < 0) + { + bfd_set_error (bfd_error_bad_value); + return false; + } internal_ptr->symbol.name = (ecoff_data (abfd)->debug_info.ss + fdr_ptr->issBase + internal_sym.iss);
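
Review bot: In the first hunk (@@ -896), the new test on internal_esym.asym.iss only bounds where the name starts: symbol.name is then set to ssext + internal_esym.asym.iss, and nothing in these lines ensures a NUL byte occurs before issExtMax. Please confirm the external string table is forced to be NUL-terminated when it is read in, or note that next to the PR 17512 comment. Minor: symhdr is declared inside the loop body after a statement; one declaration at the top of the function would also serve the later hunks.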
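
Review bot: In the second hunk (@@ -909), the comment "The alpha uses a negative ifd field for section symbols." now sits above a condition whose first arm is the ifdMax upper bound, with the PR 17512 comment between them, so it is no longer clear which comment explains which arm. Suggest testing internal_esym.ifd < 0 first and merging the two comments into one that covers both cases. The hunk also depends on the symhdr declaration added in the previous hunk still being in scope, which holds only while both stay in the same block.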
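
Review bot: In the third hunk (@@ -943), the bound is applied to internal_sym.iss alone, but the name is formed as ss + fdr_ptr->issBase + internal_sym.iss, so an iss below issMax can still point past the table once issBase is added. Suggest checking the sum instead, for example internal_sym.iss >= symhdr->issMax - fdr_ptr->issBase once issBase is known to lie within 0..issMax, or stating in a comment where issBase is validated. symhdr is also declared a second time here; hoisting a single declaration would remove the duplicate.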