author | Tom Tromey <tromey@redhat.com> | 2010-11-19 16:35:13 +0000 |
---|---|---|
committer | Tom Tromey <tromey@redhat.com> | 2010-11-19 16:35:13 +0000 |
commit | d53d4ac5aaf62c631e8d915e049eaf3f52fe24c8 (patch) | |
tree | bd4692456fc6e12ca4e10a31aae2351a52c2fbdb | |
parent | 42a851a999af020b28cfcbc1659da6869b61a36b (diff) | |
2010-11-19 Will Drewry <wad@google.com>
Tavis Ormandy <taviso@google.com>
Jan Kratochvil <jan.kratochvil@redhat.com>
* dwarf2read.c (decode_locdesc): Enforce location description stack
boundaries.
-rw-r--r-- | gdb/ChangeLog | 7 | ||||
-rw-r--r-- | gdb/dwarf2read.c | 20 |
2 files changed, 25 insertions, 2 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 526c1828613..6997f0d4492 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,10 @@
+2010-11-19 Will Drewry <wad@google.com>
+ Tavis Ormandy <taviso@google.com>
+ Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ * dwarf2read.c (decode_locdesc): Enforce location description stack
+ boundaries.
+
 2010-11-18 Pierre Muller <muller@ics.u-strasbg.fr>
 * arm-tdep.c (arm_in_function_epilogue_p): Fix code when "MOV SP"
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 33ebea8389e..7ad8037d4ea 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -13279,8 +13279,7 @@ read_signatured_type (struct objfile *objfile,
 callers will only want a very basic result and this can become a complaint.
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled. */
+ Note that stack[0] is unused except as a default error return. */
 static CORE_ADDR
 decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -13297,6 +13296,7 @@ decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
 i = 0;
 stacki = 0;
 stack[stacki] = 0;
+ stack[++stacki] = 0;
 while (i < size)
 {
@@ -13478,6 +13478,22 @@ decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
 dwarf_stack_op_name (op, 1));
 return (stack[stacki]);
 }
+
+ /* Enforce maximum stack depth of SIZE-1 to avoid writing
+ outside of the allocated space. Also enforce minimum>0. */
+ if (stacki >= ARRAY_SIZE (stack) - 1)
+ {
+ complaint (&symfile_complaints,
+ _("location description stack overflow"));
+ return 0;
+ }
+
+ if (stacki <= 0)
+ {
+ complaint (&symfile_complaints,
+ _("location description stack underflow"));
+ return 0;
+ }
 }
 return (stack[stacki]);
 } |
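Review bot: The added `stack[++stacki] = 0;` in the second dwarf2read.c hunk carries no comment saying why a second zero slot is pushed before the loop starts. Inferred from the checks added later in the commit, it makes index 1 the floor of the stack, so an opcode that pops one entry too many lands on index 0 and is caught by the `stacki <= 0` test instead of indexing below the array. I would add `/* Start at depth 1 so a stray pop reaches slot 0 and is reported as underflow.  */` above it, and extend the function's header comment, which still describes stack[0] only as a default error return and does not mention the new floor. The body of decode_locdesc continues outside this hunk.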
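Review bot: The bounds checks in the last hunk run after the opcode switch, so they protect the next iteration rather than the write that has just happened, and they are sound only while every opcode moves `stacki` by at most one slot. The switch body is outside this hunk, so that should be confirmed and recorded, for example `/* Every opcode above pushes or pops at most one entry, so one check per iteration keeps the next access in bounds.  */`. Separately, `stacki >= ARRAY_SIZE (stack) - 1` compares what appears to be a signed index (the `<= 0` test suggests so) with a presumably `sizeof`-based unsigned expression, so a negative `stacki` would be converted and reported as an overflow. Both paths return 0, so only the complaint text is affected, but testing `if (stacki <= 0)` first would keep the two messages accurate.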