From e45ad1239d7d8591d5e80d8cbba7d404c6c3640f Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Tue, 13 Mar 2018 17:03:04 +0000
Subject: [PATCH] Prevent a buffer overrun when parsing corrupt STABS debug information. PR 22957 * stabs.c (pop_binincl): Fail if the file index is off the end of the stack.
---
binutils/ChangeLog | 7 +++++++
binutils/stabs.c | 4 +++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index aab8cf6..233d5cb 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@ 2018-03-13 Nick Clifton + PR 22957 + * stabs.c (pop_binincl): Fail if the file index is off the end of + the stack. + +2018-03-13 Nick Clifton + PR 22955 * stabs.c (parse_number): Add p_end parameter and use it to check the validity of the pp parameter. Add checks to prevent walking
@@ -19,6 +25,7 @@ (parse_stab_members): Likewise. (parse_stab_tilde_field): Likewise. (parse_stab_array_type): Likewise. + * parse_stab: Compute the end of the string and then pass it on to individual parser functions.
diff --git a/binutils/stabs.c b/binutils/stabs.c
index 807ca1e..bf53607 100644
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -449,7 +449,6 @@ parse_stab (void *dhandle, void *handle, int type, int desc, bfd_vma value, info->file_types = ((struct stab_types **) xmalloc (sizeof *info->file_types)); info->file_types[0] = NULL; - info->so_string = NULL; /* Now process whatever type we just got. */
@@ -3326,6 +3325,9 @@ pop_bincl (struct stab_handle *info) return info->main_filename; info->bincl_stack = o->next_stack; + if (o->file >= info->files) + return info->main_filename; + o->file_types = info->file_types[o->file]; if (info->bincl_stack == NULL)
--
2.7.4
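Review bot: The new guard in pop_bincl (second stabs.c hunk) returns `info->main_filename` without any diagnostic, and it runs after `info->bincl_stack = o->next_stack;` has already popped the entry, so a corrupt file index looks to the caller like a normal return to the main file even when include entries may remain on the stack. I would add a comment such as `/* Corrupt input: o->file is not a valid index into info->file_types.  */` above the check and report the bad record through the file's existing stab warning path before returning. The comparison `o->file >= info->files` only rejects negative values if both operands are unsigned, which the hunk does not show, so that is worth confirming. The ChangeLog entry and commit message name `pop_binincl` while the hunk header shows `pop_bincl`. The function body starts and ends outside the hunk.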