Bug 22169

Summary: heap-based buffer overflow in read_1_byte (dwarf2.c)
Product: binutils Reporter: Agostino Sarubbo <ago>
Component: binutilsAssignee: Alan Modra <amodra>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.30   
Target Milestone: 2.30   
Host: Target:
Build: Last reconfirmed: 2017-09-23 00:00:00
Attachments: stacktrace
testcase

Description Agostino Sarubbo 2017-09-21 13:13:24 UTC
Created attachment 10442 [details]
stacktrace

On master compiled today.
# nm -V
GNU nm (Gentoo git) 2.29.51.20170921


Command to reproduce:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
Comment 1 Agostino Sarubbo 2017-09-21 13:13:44 UTC
Created attachment 10443 [details]
testcase
Comment 2 Alan Modra 2017-09-23 08:39:56 UTC
*** Bug 22171 has been marked as a duplicate of this bug. ***
Comment 3 cvs-commit@gcc.gnu.org 2017-09-24 06:49:49 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724

commit 515f23e63c0074ab531bc954f84ca40c6281a724
Author: Alan Modra <amodra@gmail.com>
Date:   Sun Sep 24 14:36:16 2017 +0930

    PR22169, heap-based buffer overflow in read_1_byte
    
    The .debug_line header length field doesn't include the length field
    itself, ie. it's the size of the rest of .debug_line.
    
    	PR 22169
    	* dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
Comment 4 Alan Modra 2017-09-24 06:58:03 UTC
Fixed