Fuzzers have found a weakness in the code stashing pool section
entries. With random nonsensical values in the index entries (rather
than each index pointing to its own set distinct from other sets),
it's possible to overflow the space allocated, losing the NULL
terminator. Without a terminator, find_section_in_set can run off the
end of the shndx_pool buffer. Fix this by scanning the pool directly.
binutils/
* dwarf.c (add_shndx_to_cu_tu_entry): Delete range check.
(end_cu_tu_entry): Likewise.
(process_cu_tu_index): Fill shndx_pool by directly scanning
pool, rather than indirectly from index entries.
projects / thirdparty / binutils-gdb.git / commit
