Bug 22202

Summary: heap-based buffer overflow in parse_die (dwarf1.c)
Product: binutils Reporter: Agostino Sarubbo <ago>
Component: binutilsAssignee: Alan Modra <amodra>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 2.30   
Target Milestone: 2.30   
Host: Target:
Build: Last reconfirmed: 2017-09-25 00:00:00
Attachments: stacktrace
testcase

Description Agostino Sarubbo 2017-09-25 08:11:50 UTC 
Created attachment 10473 [details]
stacktrace

On master at 52a93b95ec0771c97e26f0bb28630a271a667bd2:
# nm -V
GNU nm (Gentoo git) 2.29.51.20170924


Command to reproduce:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
Comment 1 Agostino Sarubbo 2017-09-25 08:12:24 UTC 
Created attachment 10474 [details]
testcase
Comment 2 Sourceware Commits 2017-09-25 13:17:44 UTC 
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5

commit 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Sep 25 20:20:38 2017 +0930

    PR22202, buffer overflow in parse_die
    
    There was a complete lack of sanity checking in dwarf1.c
    
    	PR 22202
    	* dwarf1.c (parse_die): Sanity check pointer against section limit
    	before dereferencing.
    	(parse_line_table): Likewise.
Comment 3 Alan Modra 2017-09-25 14:30:50 UTC 
Fixed