blob: c5a869ca9d491b6dbac8fb30974acea12ad9f3a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From 3e307d538c351aa9327cbad672c884059ecc20dd Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 11 Jan 2023 12:13:46 +0000
Subject: [PATCH] Fix a potential illegal memory access in the BFD library when
parsing a corrupt DWARF file.
PR 29988
* dwarf2.c (read_indexed_address): Fix check for an out of range
offset.
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd]
CVE: CVE-2023-1579
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
---
bfd/ChangeLog | 6 ++++++
bfd/dwarf2.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 6eb6e04e6e5..4ec0053a111 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -1412,7 +1412,7 @@ read_indexed_address (uint64_t idx, struct comp_unit *unit)
offset += unit->dwarf_addr_offset;
if (offset < unit->dwarf_addr_offset
|| offset > file->dwarf_addr_size
- || file->dwarf_addr_size - offset < unit->offset_size)
+ || file->dwarf_addr_size - offset < unit->addr_size)
return 0;
info_ptr = file->dwarf_addr_buffer + offset;
--
2.31.1
|