Prevent a buffer overrun when parsing corrupt STABS debug information.

	PR 22957
	* stabs.c (pop_binincl): Fail if the file index is off the end of
	the stack.

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index aab8cf6..233d5cb 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
 2018-03-13  Nick Clifton  <nickc@redhat.com>
 
+       PR 22957
+       * stabs.c (pop_binincl): Fail if the file index is off the end of
+       the stack.
+
+2018-03-13  Nick Clifton  <nickc@redhat.com>
+
        PR 22955
        * stabs.c (parse_number): Add p_end parameter and use it to check
        the validity of the pp parameter.  Add checks to prevent walking
@@ -19,6 +25,7 @@
        (parse_stab_members): Likewise.
        (parse_stab_tilde_field): Likewise.
        (parse_stab_array_type): Likewise.
+
        * parse_stab: Compute the end of the string and then pass it on to
        individual parser functions.
 

diff --git a/binutils/stabs.c b/binutils/stabs.c
index 807ca1e..bf53607 100644 (file)
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -449,7 +449,6 @@ parse_stab (void *dhandle, void *handle, int type, int desc, bfd_vma value,
       info->file_types = ((struct stab_types **)
                          xmalloc (sizeof *info->file_types));
       info->file_types[0] = NULL;
-
       info->so_string = NULL;
 
       /* Now process whatever type we just got.  */
@@ -3326,6 +3325,9 @@ pop_bincl (struct stab_handle *info)
     return info->main_filename;
   info->bincl_stack = o->next_stack;
 
+  if (o->file >= info->files)
+    return info->main_filename;
+
   o->file_types = info->file_types[o->file];
 
   if (info->bincl_stack == NULL)