Bug 22169 - heap-based buffer overflow in read_1_byte (dwarf2.c)
Summary: heap-based buffer overflow in read_1_byte (dwarf2.c)
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.30
: P2 normal
Target Milestone: 2.30
Assignee: Alan Modra
URL:
Keywords:
: 22171 (view as bug list)
Depends on:
Blocks:
 
Reported: 2017-09-21 13:13 UTC by Agostino Sarubbo
Modified: 2017-09-24 06:58 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed: 2017-09-23 00:00:00

Attachments
stacktrace (1.20 KB, text/plain)
2017-09-21 13:13 UTC, Agostino Sarubbo 		Details
testcase (10.82 KB, application/x-executable)
2017-09-21 13:13 UTC, Agostino Sarubbo 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo 2017-09-21 13:13:24 UTC 
Created attachment 10442 [details]
stacktrace

On master compiled today.
# nm -V
GNU nm (Gentoo git) 2.29.51.20170921


Command to reproduce:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
Comment 1 Agostino Sarubbo 2017-09-21 13:13:44 UTC 
Created attachment 10443 [details]
testcase
Comment 2 Alan Modra 2017-09-23 08:39:56 UTC 
*** Bug 22171 has been marked as a duplicate of this bug. ***
Comment 3 Sourceware Commits 2017-09-24 06:49:49 UTC 
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724

commit 515f23e63c0074ab531bc954f84ca40c6281a724
Author: Alan Modra <amodra@gmail.com>
Date:   Sun Sep 24 14:36:16 2017 +0930

    PR22169, heap-based buffer overflow in read_1_byte
    
    The .debug_line header length field doesn't include the length field
    itself, ie. it's the size of the rest of .debug_line.
    
    	PR 22169
    	* dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
Comment 4 Alan Modra 2017-09-24 06:58:03 UTC 
Fixed