skip_attr_bytes assertion (data) <= (end) fail

get_type_abbrev_from_form is lax in not limiting data for a uleb to
the current CU, because DW_FORM_ref_addr allows access to other CU's
data.  This can lead to an assertion fail when skipping or reading
attributes in get_type_signedness.

	* dwarf.c (get_type_abbrev_from_form): Limit uleb data to map end
	for ref_addr, cu_end otherwise.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 972bb920161234486dc68cc15507d7bb5ed9b3ce..13a91624200eaeb2c379fc53864da5a570316cac 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2119,7 +2119,10 @@ get_type_abbrev_from_form (unsigned long form,
        *map_return = NULL;
     }
 
-  READ_ULEB (abbrev_number, data, section->start + section->size);
+  if (form == DW_FORM_ref_addr)
+    cu_end = section->start + map->end;
+
+  READ_ULEB (abbrev_number, data, cu_end);
 
   for (entry = map->list->first_abbrev; entry != NULL; entry = entry->next)
     if (entry->number == abbrev_number)