Summary: | heap-based buffer overflow in read_1_byte (dwarf2.c) | ||
---|---|---|---|
Product: | binutils | Reporter: | Agostino Sarubbo <ago> |
Component: | binutils | Assignee: | Alan Modra <amodra> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.30 | ||
Target Milestone: | 2.30 | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2017-09-23 00:00:00 | |
Attachments: |
stacktrace
testcase |
Created attachment 10443 [details]
testcase
*** Bug 22171 has been marked as a duplicate of this bug. *** The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724 commit 515f23e63c0074ab531bc954f84ca40c6281a724 Author: Alan Modra <amodra@gmail.com> Date: Sun Sep 24 14:36:16 2017 +0930 PR22169, heap-based buffer overflow in read_1_byte The .debug_line header length field doesn't include the length field itself, ie. it's the size of the rest of .debug_line. PR 22169 * dwarf2.c (decode_line_info): Correct .debug_line unit_length check. Fixed |
Created attachment 10442 [details] stacktrace On master compiled today. # nm -V GNU nm (Gentoo git) 2.29.51.20170921 Command to reproduce: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE