This is the mail archive of the gdb-prs@sourceware.org mailing list for the GDB project.



[Bug gdb/23657] Out of bound memory access


https://sourceware.org/bugzilla/show_bug.cgi?id=23657

--- Comment #3 from Tom Tromey <tromey at sourceware dot org> ---
(In reply to Nick Clifton from comment #2)

> There is also the caveat that the test "if (str_offset >= sect->size)"
> might be wrong if the .debug_str section is compressed.  (I am unfamiliar 
> with the gdb sources, so I do not know if sect->size is the size from the 
> ELF header, or the size after decompression). 

For a compressed section it comes from:

  descriptor->size = bfd_get_section_size (sectp);

Where would a section size sanity check belong in BFD?
Maybe we'd only want it for sections we actually read, so
bfd_get_full_section_contents (and then a copy in gdb since
gdb can mmap sections).

I wonder if there are other sanity checks that should be done.

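The bounds check discussed in this thread, sketched as an added example (not gdb or BFD code): the offset is validated against the size of the buffer actually being indexed, and the string's terminator must also lie inside that buffer. The struct, field and function names and the sample bytes are hypothetical and constructed for illustration; the two size fields model the case where the recorded section size and the readable buffer size differ, as can happen with a compressed section.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a section descriptor; not gdb's or BFD's type. */
struct section_view {
    const unsigned char *data; /* bytes that can actually be read */
    size_t header_size;        /* size recorded in the section header */
    size_t buffer_size;        /* size of the buffer `data` points to */
};

/* Check against the recorded size only: passes for any offset below it,
   even when the readable buffer is shorter. */
int naive_check_passes(const struct section_view *s, size_t str_offset)
{
    return str_offset < s->header_size;
}

/* Return the NUL-terminated string at str_offset, or NULL if either the
   offset or the string's terminator falls outside the readable buffer. */
const char *read_indirect_string(const struct section_view *s, size_t str_offset)
{
    if (s->data == NULL || str_offset >= s->buffer_size)
        return NULL;
    /* An in-range offset is not enough: the last string may lack a NUL. */
    if (memchr(s->data + str_offset, '\0', s->buffer_size - str_offset) == NULL)
        return NULL;
    return (const char *)(s->data + str_offset);
}

/* Constructed sample: "ab", "cd", then an unterminated "ef". The recorded
   size (16) is deliberately larger than the 8 readable bytes. */
static const unsigned char sample_bytes[8] = {'a','b',0,'c','d',0,'e','f'};
static const struct section_view sample_view = {
    sample_bytes, 16, sizeof sample_bytes
};

int main(void)
{
    const size_t offsets[] = {0, 3, 6, 10};
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        const char *str = read_indirect_string(&sample_view, offsets[i]);
        printf("offset %zu: naive=%d checked=%s\n", offsets[i],
               naive_check_passes(&sample_view, offsets[i]),
               str ? str : "(rejected)");
    }
    return 0;
}
```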
