[15/19] read_cie

Message ID 20210515080957.20305-16-amodra@gmail.com
State New
Series
  • Pointer UB in binutils/dwarf.c

Commit Message

H.J. Lu via Binutils May 15, 2021, 8:09 a.m.
* dwarf.c (read_cie): Add more sanity checks to ensure data
	pointer is not bumped past end.

Patch

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 9243c853020..93e6d7319fa 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -8409,10 +8409,16 @@  read_cie (unsigned char *start, unsigned char *end,
     }
 
   if (strcmp (fc->augmentation, "eh") == 0)
-    start += eh_addr_size;
+    {
+      if (eh_addr_size > (size_t) (end - start))
+	goto fail;
+      start += eh_addr_size;
+    }
 
   if (version >= 4)
     {
+      if (2 > (size_t) (end - start))
+	goto fail;
       GET (fc->ptr_size, 1);
       if (fc->ptr_size < 1 || fc->ptr_size > 8)
 	{
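Review bot: Both new guards cast `end - start` to `size_t`, which is only sound while `start <= end`; if `start` were already past `end` at this point the difference would wrap to a very large value and neither check would fire. The code that establishes that invariant sits above this hunk and is not visible, so either record it in a comment or make the guard self-contained, e.g. `if (start >= end || eh_addr_size > (size_t) (end - start))`. The literal `2` in the `version >= 4` branch presumably covers the one-byte `GET (fc->ptr_size, 1)` plus a second one-byte read that falls outside the hunk; a short comment naming the two fields it accounts for would keep the count tied to the reads it protects.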
@@ -8439,6 +8445,9 @@  read_cie (unsigned char *start, unsigned char *end,
   READ_ULEB (fc->code_factor, start, end);
   READ_SLEB (fc->data_factor, start, end);
 
+  if (start >= end)
+    goto fail;
+
   if (version == 1)
     {
       GET (fc->ra, 1);
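Review bot: The added `if (start >= end) goto fail;` rejects the CIE without saying why, and the same applies to the guards added in the first and last hunks. The `fail` label is outside the visible hunks, so this only matters if it does not report anything itself; in that case a diagnostic before each `goto fail`, something like `warn (_("Truncated CIE\n"));`, would let someone triaging a malformed or hostile object file tell truncated frame data apart from other failures. Since `READ_ULEB` and `READ_SLEB` are already passed `end`, this check appears to protect the fixed-size `GET (fc->ra, 1)` that follows rather than the LEB reads, and a one-line comment saying so would help the next reader.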
@@ -8450,6 +8459,8 @@  read_cie (unsigned char *start, unsigned char *end,
 
   if (fc->augmentation[0] == 'z')
     {
+      if (start >= end)
+	goto fail;
       READ_ULEB (augmentation_data_len, start, end);
       augmentation_data = start;
       /* PR 17512: file: 11042-2589-0.004.  */