[prev in list] [next in list] [prev in thread] [next in thread] 

List:       binutils-cvs
Subject:    [binutils-gdb] PR28753, buffer overflow in read_section_stabs_debugging_info
From:       Alan Modra via Binutils-cvs <binutils-cvs () sourceware ! org>
Date:       2022-01-28 6:32:17
Message-ID: 20220128063217.6FC593858D1E () sourceware ! org
[Download RAW message or body]

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=085b299b71721e15f5c5c5344dc3e4e4536dadba

commit 085b299b71721e15f5c5c5344dc3e4e4536dadba
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Jan 20 13:58:38 2022 +1030

    PR28753, buffer overflow in read_section_stabs_debugging_info
    
            PR 28753
            * rddbg.c (read_section_stabs_debugging_info): Don't read past
            end of section when concatentating stab strings.

Diff:
---
 binutils/rddbg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/binutils/rddbg.c b/binutils/rddbg.c
index 42605b83d1a..169c52f4983 100644
--- a/binutils/rddbg.c
+++ b/binutils/rddbg.c
@@ -210,7 +210,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
 		     an attempt to read the byte before 'strings' would occur.  */
 		  while ((len = strlen (s)) > 0
 			 && s[len  - 1] == '\\'
-			 && stab + 12 < stabs + stabsize)
+			 && stab + 16 <= stabs + stabsize)
 		    {
 		      char *p;
[prev in list] [next in list] [prev in thread] [next in thread]