Pointer comparisons after adding an offset just don't work to catch
overflow when the offset is a larger type than the pointer.
PR 25018
* dwarf.c (get_type_signedness): Delete ineffective pointer
comparison check. Properly range check uvalue offset on
recursive call.
(read_and_display_attr_value): Range check uvalue offset before
calling get_type_signedness.
(cherry picked from commit
b3fe587ed2c78d46132bd33e14f42449d410354b)
+2019-09-25 Alan Modra <amodra@gmail.com>
+
+ Apply from master
+ 2019-09-23 Alan Modra <amodra@gmail.com>
+ PR 25018
+ * dwarf.c (get_type_signedness): Delete ineffective pointer
+ comparison check. Properly range check uvalue offset on
+ recursive call.
+ (read_and_display_attr_value): Range check uvalue offset before
+ calling get_type_signedness.
+
2019-09-19 Tamar Christina <tamar.christina@arm.com>
* testsuite/binutils-all/objdump.exp (objdump -S): Update testcase.
* is_signed = FALSE;
- if (data >= end)
- return;
-
abbrev_number = read_uleb128 (data, & bytes_read, end);
data += bytes_read;
NB/ We need to avoid infinite recursion. */
return;
}
+ if (uvalue >= (size_t) (end - start))
+ return;
get_type_signedness (start, start + uvalue, end, pointer_size,
offset_size, dwarf_version, is_signed, TRUE);
break;
switch (attribute)
{
case DW_AT_type:
- if (level >= 0 && level < MAX_CU_NESTING)
+ if (level >= 0 && level < MAX_CU_NESTING
+ && uvalue < (size_t) (end - start))
{
bfd_boolean is_signed = FALSE;