Created attachment 10490 [details]
poc of infinite loop
When I run "objdump -x -D -S -s -g -e -G --dwarf -t -T -r -R --special-syms --inlines --dwarf-check loop.elf", it traps into function process_debug_info.
Some of the function snippet is here:
for (section_begin = start, unit = 0; start < end; unit++)
start += compunit.cu_length + initial_length_size;
When I debug it with gdb, I can see that compuint.cu_length = 0xfffffff4 and initial_length_size =12 which leads to start +=0 each loop. Maybe there is an integer overflow here.
The poc is attached here.
The master branch has been updated by Nick Clifton <firstname.lastname@example.org>:
Author: Nick Clifton <email@example.com>
Date: Wed Sep 27 10:42:51 2017 +0100
Prevent an infinite loop in the DWARF parsing code when encountering a CU structure with a small negative size.
* dwarf.c (process_debug_info): Add a check for a negative
Thanks for reporting this bug. I have checked in a patch to test for negative lengths in the comp_unit structure, which will prevent this infinite loop from happening again.