Fix invalid memory access in the BFD library's DWARF parser.

author Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)

committer Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
author Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
committer Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index f21d6544c1c0f65f0bb5d54223a1bd991735d662..1c3d701651034b40de4aaf753e276fb5cf3b5b28 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-13  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21151
+       * dwarf2.c (_bfd_dwarf2_find_nearest_line): Check for an invalid
+       unit length field.
+
  2017-02-07  Andrew Waterman  <andrew@sifive.com>
  
         * elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c

index 369958765ad4733c506bf65f1f2413d017003cb7..6b111d3d7a0d2bb89e76f6c2d626f38cb1a23e00 100644 (file)
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -4294,6 +4294,10 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
         {
           bfd_byte * new_ptr;
  
+         /* PR 21151  */
+         if (stash->info_ptr + length > stash->info_ptr_end)
+           return FALSE;
+
           each = parse_comp_unit (stash, length, info_ptr_unit,
                                   offset_size);
           if (!each)
author	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
bfd/ChangeLog		patch \| blob \| blame \| history
bfd/dwarf2.c		patch \| blob \| blame \| history