Add check to keep from segfaulting on a corrupt .debug_pubnames section.

gold/ * dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that unit_length is within section bounds.
2025-01-20 07:54:19 +00:00 · 2014-06-09 14:55:02 -07:00 · 2014-06-09 14:55:02 -07:00 · 9baa787b14
commit 9baa787b14
parent 8f89af0abe
2 changed files with 11 additions and 0 deletions
--- a/gold/ChangeLog
+++ b/gold/ChangeLog
@ -1,3 +1,8 @@
+2014-06-09  Cary Coutant  <ccoutant@google.com>
+
+	* dwarf_reader.cc (Dwarf_pubnames_table::read_header): Check that
+	unit_length is within section bounds.
+
 2014-06-09  Cary Coutant  <ccoutant@google.com>

 	PR gold/16980
--- a/gold/dwarf_reader.cc
+++ b/gold/dwarf_reader.cc
@ -580,6 +580,12 @@ Dwarf_pubnames_table::read_header(off_t offset)
    }
  this->end_of_table_ = pinfo + unit_length;

+  // If unit_length is too big, maybe we should reject the whole table,
+  // but in cases we know about, it seems OK to assume that the table
+  // is valid through the actual end of the section.
+  if (this->end_of_table_ > this->buffer_end_)
+    this->end_of_table_ = this->buffer_end_;
+
  // Check the version.
  unsigned int version = this->dwinfo_->read_from_pointer<16>(pinfo);
  pinfo += 2;