Fix invalid memory access in the BFD library's DWARF parser.

author Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)

committer Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
author Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
committer Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index f21d654..1c3d701 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-13  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21151
+       * dwarf2.c (_bfd_dwarf2_find_nearest_line): Check for an invalid
+       unit length field.
+
  2017-02-07  Andrew Waterman  <andrew@sifive.com>
  
         * elfnn-riscv.c (riscv_elf_finish_dynamic_sections): Only write PLT
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c

index 3699587..6b111d3 100644 (file)
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -4294,6 +4294,10 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
         {
           bfd_byte * new_ptr;
  
+         /* PR 21151  */
+         if (stash->info_ptr + length > stash->info_ptr_end)
+           return FALSE;
+
           each = parse_comp_unit (stash, length, info_ptr_unit,
                                   offset_size);
           if (!each)
author	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 17:51:27 +0000 (17:51 +0000)
bfd/ChangeLog		patch \| blob \| history
bfd/dwarf2.c		patch \| blob \| history