objdump: file name table entry count check

Message ID ZOQcGOqFn749Uarv@squeak.grove.modra.org
State New
Headers
Series objdump: file name table entry count check |

Checks

Context Check Description
linaro-tcwg-bot/tcwg_binutils_check--master-arm warning Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64 warning Patch is already merged
linaro-tcwg-bot/tcwg_binutils_check--master-aarch64 warning Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-arm warning Patch is already merged

Commit Message

Alan Modra Aug. 22, 2023, 2:23 a.m. UTC
  Fuzzers have found that objdump -W takes a really long time if
the entry count uleb is ridiculously large, and format attributes
don't consume data (which doesn't make sense for a table of names).

	* dwarf.c (display_formatted_table): Sanity check count of
	table entries.
  

Patch

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 4f695bf2bca..3ebc45ae373 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -4313,10 +4313,10 @@  display_formatted_table (unsigned char *data,
       printf (_("\n The %s is empty.\n"), table_name);
       return data;
     }
-  else if (data >= end)
+  else if (data >= end
+	   || data_count > (size_t) (end - data))
     {
-      warn (_("%s: Corrupt entry count - expected %#" PRIx64
-	      " but none found\n"), table_name, data_count);
+      warn (_("%s: Corrupt entry count %#" PRIx64 "\n"), table_name, data_count);
       return data;
     }