From: Simon Marchi Date: Tue, 2 Feb 2021 15:40:50 +0000 (-0500) Subject: gdb/dwarf: fix bound check in read_rnglist_index X-Git-Tag: gdb-10.2-release~105 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39658ce654b6f9b89e4edb9c22b68b32a650f869;p=thirdparty%2Fbinutils-gdb.git gdb/dwarf: fix bound check in read_rnglist_index I think this check in read_rnglist_index is wrong: /* Validate that reading won't go beyond the end of the section. */ if (start_offset + cu->header.offset_size > rnglist_base + section->size) error (_("Reading DW_FORM_rnglistx index beyond end of" ".debug_rnglists section [in module %s]"), objfile_name (objfile)); The addition `rnglist_base + section->size` doesn't make sense. rnglist_base is an offset into `section`, so it doesn't make sense to add it to `section`'s size. `start_offset` also is an offset into `section`, so we should just compare it to just `section->size`. gdb/ChangeLog: * dwarf2/read.c (read_rnglist_index): Fix bound check. Change-Id: If0ff7c73f4f80f79aac447518f4e8f131f2db8f2 --- diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 56b3e3a3908..f32f473f6a0 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,7 @@ +2021-02-02 Simon Marchi + + * dwarf2/read.c (read_rnglist_index): Fix bound check. + 2021-02-02 Simon Marchi * dwarf2/read.c (read_loclist_index): Change complaints into diff --git a/gdb/dwarf2/read.c b/gdb/dwarf2/read.c index b5ca65fd63b..ad2572453c6 100644 --- a/gdb/dwarf2/read.c +++ b/gdb/dwarf2/read.c @@ -19573,6 +19573,8 @@ read_rnglist_index (struct dwarf2_cu *cu, ULONGEST rnglist_index, : RNGLIST_HEADER_SIZE64); ULONGEST rnglist_base = (cu->dwo_unit != nullptr) ? rnglist_header_size : cu->ranges_base; + + /* Offset in .debug_rnglists of the offset for RNGLIST_INDEX. */ ULONGEST start_offset = rnglist_base + rnglist_index * cu->header.offset_size; @@ -19601,7 +19603,7 @@ read_rnglist_index (struct dwarf2_cu *cu, ULONGEST rnglist_index, objfile_name (objfile)); /* Validate that reading won't go beyond the end of the section. */ - if (start_offset + cu->header.offset_size > rnglist_base + section->size) + if (start_offset + cu->header.offset_size > section->size) error (_("Reading DW_FORM_rnglistx index beyond end of" ".debug_rnglists section [in module %s]"), objfile_name (objfile));