[Bug binutils/22895] integer overflow in read_attribute_value
From: luanjunchao at 163 dot com
Subject: [Bug binutils/22895] integer overflow in read_attribute_value
Date: Wed, 28 Feb 2018 03:01:06 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=22895
--- Comment #4 from skysider <luanjunchao at 163 dot com> ---
The patch doesn't work for the crash corpus. Part of my gdb debugging:
(gdb) list
1186 if (blk == NULL)
1187 return NULL;
1188 blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
1189 FALSE, info_ptr_end);
1190 info_ptr += bytes_read;
1191 info_ptr = read_n_bytes (abfd, info_ptr, info_ptr_end, blk);
1192 attr->u.blk = blk;
1193 break;
1194 case DW_FORM_block1:
1195 amt = sizeof (struct dwarf_block);
(gdb) p/x *blk
$20 = {size = 0xf7e7efd6, data = 0x0}
(gdb) p/x info_ptr
$21 = 0x81a073c
(gdb) p/x info_ptr_end
$23 = 0x81a101a
So I think a check if (size > end) is necessary.
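As an added illustration, not code from binutils or from this bug thread, here is a stand-alone C model of the check the comment above asks for. It mirrors the names visible in the gdb output (blk->size, blk->data, info_ptr, info_ptr_end, a ULEB128 length followed by read_n_bytes) but the struct layout, the byte type and the function names safe_read_uleb128, read_n_bytes_checked and read_block_attribute are assumptions made for this example. The key design point is that the check compares the claimed block size against the number of bytes that remain (end - buf), not buf + size against end: on a 32-bit host, adding 0xf7e7efd6 to 0x81a073c wraps the pointer, so a pointer comparison would wrongly pass.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for bfd's struct dwarf_block.  Assumption: only the two fields
   shown in the gdb output above are modelled. */
struct dwarf_block
{
  uint64_t size;
  const unsigned char *data;
};

/* Decode an unsigned LEB128 value without reading past END.
   Returns the number of bytes consumed, or 0 if the encoding is
   truncated or longer than 64 bits. */
static size_t
safe_read_uleb128 (const unsigned char *buf, const unsigned char *end,
                   uint64_t *out)
{
  uint64_t result = 0;
  unsigned shift = 0;
  size_t n = 0;

  while (buf + n < end && shift < 64)
    {
      unsigned char byte = buf[n++];
      result |= (uint64_t) (byte & 0x7f) << shift;
      shift += 7;
      if ((byte & 0x80) == 0)
        {
          *out = result;
          return n;
        }
    }
  return 0;
}

/* Bounds-checked model of the read_n_bytes step: accept the block only if
   blk->size bytes really remain between BUF and END.  The comparison is
   done on sizes rather than pointers so that a huge size cannot wrap
   BUF + size around and slip past a pointer comparison. */
static const unsigned char *
read_n_bytes_checked (const unsigned char *buf, const unsigned char *end,
                      struct dwarf_block *blk)
{
  size_t remaining = (size_t) (end - buf);

  if (blk->size > remaining)
    {
      blk->data = NULL;
      return NULL;
    }
  blk->data = buf;
  return buf + blk->size;
}

/* Parse one DW_FORM_block-style attribute (ULEB128 length, then that many
   bytes).  Returns the position just after the block, or NULL on error. */
const unsigned char *
read_block_attribute (const unsigned char *buf, const unsigned char *end,
                      struct dwarf_block *blk)
{
  size_t n = safe_read_uleb128 (buf, end, &blk->size);

  if (n == 0)
    return NULL;
  return read_n_bytes_checked (buf + n, end, blk);
}

int
main (void)
{
  /* Constructed inputs: a well-formed 3-byte block, and a block whose
     ULEB128 length decodes to 0xf7e7efd6, the value seen in the gdb
     session, with only one byte left after the length. */
  static const unsigned char good[] = { 0x03, 'a', 'b', 'c', 0x99 };
  static const unsigned char bad[] = { 0xd6, 0xdf, 0x9f, 0xbf, 0x0f, 0x00 };
  struct dwarf_block blk;

  const unsigned char *p = read_block_attribute (good, good + sizeof good, &blk);
  printf ("good: size=%llu consumed=%ld\n",
          (unsigned long long) blk.size, (long) (p ? p - good : -1));

  p = read_block_attribute (bad, bad + sizeof bad, &blk);
  printf ("bad: size=0x%llx rejected=%s\n",
          (unsigned long long) blk.size, p == NULL ? "yes" : "no");
  return 0;
}
```

Running it shows the first block accepted with 4 bytes consumed and the second rejected, because 0xf7e7efd6 bytes do not fit in the 1 byte that remains after the length field.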