Fix an undefined behaviour in the BFD library's DWARF parser.

	PR 28687
	* dwarf1.c (parse_die): Fix undefined behaviour in range tests.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 35b659b4ef90410901d55d316d4b75d8f4083399..24311710088536c03a5a2d6b0024a5c8295dc4d6 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2021-12-15  Nikita Popov  <npv1310@gmail.com>
+
+       PR 28687
+       * dwarf1.c (parse_die): Fix undefined behaviour in range tests.
+
 2021-11-17  Nick Clifton  <nickc@redhat.com>
 
        PR 28452

diff --git a/bfd/dwarf1.c b/bfd/dwarf1.c
index f1c4e7ec48cb3cdd0b9fa28690e931ebe10f1154..9f4665501b44a45b7bc916e69872169e8257936d 100644 (file)
--- a/bfd/dwarf1.c
+++ b/bfd/dwarf1.c
@@ -258,8 +258,7 @@ parse_die (bfd *         abfd,
          if (xptr + 2 <= aDiePtrEnd)
            {
              block_len = bfd_get_16 (abfd, xptr);
-             if (xptr + block_len > aDiePtrEnd
-                 || xptr + block_len < xptr)
+             if ((unsigned int) (aDiePtrEnd - xptr) < block_len)
                return false;
              xptr += block_len;
            }
@@ -269,8 +268,7 @@ parse_die (bfd *         abfd,
          if (xptr + 4 <= aDiePtrEnd)
            {
              block_len = bfd_get_32 (abfd, xptr);
-             if (xptr + block_len > aDiePtrEnd
-                 || xptr + block_len < xptr)
+             if ((unsigned int) (aDiePtrEnd - xptr) < block_len)
                return false;
              xptr += block_len;
            }