Bug 22202 - heap-based buffer overflow in parse_die (dwarf1.c)
Summary: heap-based buffer overflow in parse_die (dwarf1.c)
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils (show other bugs)
Version: 2.30
: P2 normal
Target Milestone: 2.30
Assignee: Alan Modra
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-25 08:11 UTC by Agostino Sarubbo
Modified: 2017-09-25 14:30 UTC (History)
0 users

See Also:
Host:
Target:
Build:
Last reconfirmed: 2017-09-25 00:00:00


Attachments
stacktrace (1.22 KB, text/plain)
2017-09-25 08:11 UTC, Agostino Sarubbo
Details
testcase (11.08 KB, application/octet-stream)
2017-09-25 08:12 UTC, Agostino Sarubbo
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo 2017-09-25 08:11:50 UTC
Created attachment 10473 [details]
stacktrace

On master at 52a93b95ec0771c97e26f0bb28630a271a667bd2:
# nm -V
GNU nm (Gentoo git) 2.29.51.20170924


Command to reproduce:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
Comment 1 Agostino Sarubbo 2017-09-25 08:12:24 UTC
Created attachment 10474 [details]
testcase
Comment 2 Sourceware Commits 2017-09-25 13:17:44 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5

commit 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Sep 25 20:20:38 2017 +0930

    PR22202, buffer overflow in parse_die
    
    There was a complete lack of sanity checking in dwarf1.c
    
    	PR 22202
    	* dwarf1.c (parse_die): Sanity check pointer against section limit
    	before dereferencing.
    	(parse_line_table): Likewise.
Comment 3 Alan Modra 2017-09-25 14:30:50 UTC
Fixed