PR27860, Segmentation fault on readelf -w

Well it didn't take long for the SAFE_BYTE_GET assert to trigger.

	PR 27860
	* dwarf.c (display_debug_frames): Sanity check cie_off before
	attempting to read cie.

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9f3099fcd76b53965c9df73a0292042fd99374ac..335c7d02fa81593bd99eae053039a7d5409677d3 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-05-13  Alan Modra  <amodra@gmail.com>
+
+       PR 27860
+       * dwarf.c (display_debug_frames): Sanity check cie_off before
+       attempting to read cie.
+
 2021-05-12  Alan Modra  <amodra@gmail.com>
 
        * dwarf.c (process_extended_line_op): Don't bump data pointer past

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 56983e1c799c10e8d0affc4a1ddc8a24a956084b..20bd92657b319dae14889697af3762d49e57ea29 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -8708,6 +8708,8 @@ display_debug_frames (struct dwarf_section *section,
                if (cie->chunk_start == look_for)
                  break;
            }
+         else if (cie_off >= section->size)
+           cie = NULL;
          else
            {
              for (cie = forward_refs; cie ; cie = cie->next)