buffer overflow in parse_stab_array_type
Fix oss-fuzz induced damage.
stabs.c (parse_stab_type): Don't access beyond end of stab
with bad type.
(parse_stab_array_type): Don't duplicate "bad stab" message.
@@ -1293,6 +1293,12 @@ parse_stab_type (void * dhandle,
}
}
+ if (*pp >= p_end)
+ {
+ bad_stab (orig);
+ return DEBUG_TYPE_NULL;
+ }
+
descriptor = **pp;
++*pp;
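Review bot: The new `*pp >= p_end` guard protects only the single read at `descriptor = **pp;`; once `++*pp` has advanced the cursor, any later `**pp` dereference in the rest of parse_stab_type (the function starts and ends outside this hunk, and the descriptor switch is not visible here) needs its own comparison against p_end, which is worth confirming since the fuzzer-found overread was presumably of this same kind. A short comment on the guard would also help the next reader understand why a bare pointer comparison is the right test here: `/* A truncated stab reaches this point with *pp == p_end; the descriptor byte must lie inside the string.  */`. The early return via bad_stab (orig) is consistent with the other failure paths visible in this commit.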
@@ -3219,11 +3225,7 @@ parse_stab_array_type (void *dhandle,
{
index_type = debug_find_named_type (dhandle, "int");
if (index_type == DEBUG_TYPE_NULL)
- {
- index_type = debug_make_int_type (dhandle, 4, false);
- if (index_type == DEBUG_TYPE_NULL)
- return DEBUG_TYPE_NULL;
- }
+ index_type = debug_make_int_type (dhandle, 4, false);
*pp = p;
}
else
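Review bot: With the nested DEBUG_TYPE_NULL test removed, `*pp = p;` now executes unconditionally in this branch, so when debug_make_int_type fails the caller's cursor is advanced past the index text before the combined `if (index_type == DEBUG_TYPE_NULL) return DEBUG_TYPE_NULL;` check added in the next hunk fires; the old code returned before touching `*pp`. If every caller discards `*pp` on a DEBUG_TYPE_NULL result this is harmless, but that is not visible here, and the original ordering can be kept with `if (index_type != DEBUG_TYPE_NULL) *pp = p;`. The commit message explains the removal as avoiding a duplicated "bad stab" message, which the single check after the if/else does achieve. parse_stab_array_type begins and ends outside this hunk.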
@@ -3231,6 +3233,8 @@ parse_stab_array_type (void *dhandle,
index_type = parse_stab_type (dhandle, info, (const char *) NULL, pp,
(debug_type **) NULL, p_end);
}
+ if (index_type == DEBUG_TYPE_NULL)
+ return DEBUG_TYPE_NULL;
if (**pp != ';')
{