From patchwork Mon Dec 12 14:09:43 2022
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 32407
Date: Tue, 13 Dec 2022 00:39:43 +1030
To: binutils@sourceware.org
Subject: PR29893, buffer overflow in display_debug_addr
From: Alan Modra

PR 29893
* dwarf.c (display_debug_addr): Sanity check dwarf5 unit_length field. Don't read past end.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c index b3039151ff6..c39c695863a 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -7731,8 +7731,13 @@ display_debug_addr (struct dwarf_section *section, SAFE_BYTE_GET_AND_INC (length, curr_header, 4, entry); if (length == 0xffffffff) SAFE_BYTE_GET_AND_INC (length, curr_header, 8, entry); + if (length > (size_t) (section->start + section->size - curr_header)) + { + warn (_("Corrupt %s section: unit_length field of %#" PRIx64 + " too large\n"), section->name, length); + return 0; + } end = curr_header + length; - SAFE_BYTE_GET_AND_INC (version, curr_header, 2, entry); if (version != 5) warn (_("Corrupt %s section: expecting version number 5 in header but found %d instead\n"), @@ -7746,7 +7751,7 @@ display_debug_addr (struct dwarf_section *section, end = section->start + debug_addr_info [i + 1]->addr_base; header = end; idx = 0; - while (entry < end) + while ((size_t) (end - entry) >= address_size) { uint64_t base = byte_get (entry, address_size); printf (_("\t%d:\t"), idx);
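Review bot: The new check in the first hunk (@@ -7731,8 +7731,13 @@) bounds unit_length only from above, so a length shorter than the header bytes still to be read before `entry` passes it and `end = curr_header + length` can land below `entry`. Since `entry` is the read limit already used for `curr_header` in the `SAFE_BYTE_GET_AND_INC` calls, the same test could also reject `length < (size_t) (entry - curr_header)`, which guarantees `end >= entry` for the code that follows. The warning text "too large" would then need to become something neutral such as "invalid".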
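Review bot: In the second hunk (@@ -7746,7 +7751,7 @@) the rewritten condition `(size_t) (end - entry) >= address_size` is only correct when `end >= entry`; if `end` is below `entry` the cast wraps to a very large value and the loop keeps calling `byte_get (entry, address_size)`, where the old `entry < end` test would have exited at once. Keeping the ordering test, for example `entry < end && (size_t) (end - entry) >= address_size`, preserves the old behaviour for that case. Two related points from the lines shown: the context line `end = section->start + debug_addr_info [i + 1]->addr_base;` is not compared against `section->size`, and nothing visible here rules out `address_size` being 0, in which case the new condition is always true. Both deserve an explicit check before the loop.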