mirrors/binutils-gdb
1
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2024-11-24 02:24:46 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

PR27879, stack-buffer-overflow on sysdump

Browse Source 
PR 27879
	* sysdump.c (getBARRAY): Sanity check size against max.
	(getINT): Avoid UB shift left.
This commit is contained in:
Alan Modra 2021-05-18 23:39:35 +09:30
parent 75933ce3d9
commit 9d9e2a340b
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
binutils/ChangeLog
View File

@ -1,3 +1,9 @@
2021-05-19 Alan Modra <amodra@gmail.com>
PR 27879
* sysdump.c (getBARRAY): Sanity check size against max.
(getINT): Avoid UB shift left.
2021-05-15 Alan Modra <amodra@gmail.com>
* dwarf.c (process_cu_tu_index): Avoid pointer UB. Use _mul_overflow.

13
binutils/sysdump.c
View File

@ -131,19 +131,21 @@ fillup (unsigned char *ptr)
}
static barray
getBARRAY (unsigned char *ptr, int *idx, int dsize ATTRIBUTE_UNUSED,
int max ATTRIBUTE_UNUSED)
getBARRAY (unsigned char *ptr, int *idx, int dsize ATTRIBUTE_UNUSED, int max)
{
barray res;
int i;
int byte = *idx / 8;
int size = ptr[byte++];
int size = 0;
if (byte < max)
size = ptr[byte++];
res.len = size;
res.data = (unsigned char *) xmalloc (size);
for (i = 0; i < size; i++)
res.data[i] = ptr[byte++];
res.data[i] = byte < max ? ptr[byte++] : 0;
return res;
}
@ -179,7 +181,8 @@ getINT (unsigned char *ptr, int *idx, int size, int max)
n = (ptr[byte + 0] << 8) + ptr[byte + 1];
break;
case 4:
n = (ptr[byte + 0] << 24) + (ptr[byte + 1] << 16) + (ptr[byte + 2] << 8) + (ptr[byte + 3]);
n = (((unsigned) ptr[byte + 0] << 24) + (ptr[byte + 1] << 16)
+ (ptr[byte + 2] << 8) + (ptr[byte + 3]));
break;
default:
fatal (_("Unsupported read size: %d"), size);