https://sourceware.org/bugzilla/show_bug.cgi?id=22895
--- Comment #4 from skysider <luanjunchao at 163 dot com> ---

The patch doesn't work for the crash corpus. Part of my gdb debugging:

    (gdb) list
    1186          if (blk == NULL)
    1187            return NULL;
    1188          blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
    1189                                              FALSE, info_ptr_end);
    1190          info_ptr += bytes_read;
    1191          info_ptr = read_n_bytes (abfd, info_ptr, info_ptr_end, blk);
    1192          attr->u.blk = blk;
    1193          break;
    1194        case DW_FORM_block1:
    1195          amt = sizeof (struct dwarf_block);
    (gdb) p/x *blk
    $20 = {size = 0xf7e7efd6, data = 0x0}
    (gdb) p/x info_ptr
    $21 = 0x81a073c
    (gdb) p/x info_ptr_end
    $23 = 0x81a101a

So I think a check if (size > end) is necessary.
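The failure mode in the gdb session above is a DW_FORM_block whose ULEB128 length (0xf7e7efd6) is far larger than the bytes left between info_ptr and info_ptr_end (0x8de). The following is an added illustration, not BFD's own code: a minimal block reader that decodes the length and refuses the block when the length exceeds the remaining buffer, which is the check the comment asks for. The names safe_read_uleb128, read_block and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct dwarf_block {
  uint64_t size;
  const unsigned char *data;
};

/* Decode an unsigned LEB128 value from [p, end).  Returns the number of
   bytes consumed, or 0 if the encoding runs past end (never reads beyond it). */
size_t safe_read_uleb128 (const unsigned char *p, const unsigned char *end,
                          uint64_t *out)
{
  uint64_t result = 0;
  unsigned shift = 0;
  size_t n = 0;
  while (p + n < end)
    {
      unsigned char byte = p[n++];
      if (shift < 64)
        result |= (uint64_t) (byte & 0x7f) << shift;
      shift += 7;
      if (!(byte & 0x80))
        {
          *out = result;
          return n;
        }
    }
  return 0;
}

/* Read a DW_FORM_block (ULEB128 length, then that many bytes).  Returns a
   pointer just past the block, or NULL if the length is malformed or exceeds
   the bytes remaining before end (the "size > end" check from the comment). */
const unsigned char *read_block (const unsigned char *p,
                                 const unsigned char *end,
                                 struct dwarf_block *blk)
{
  uint64_t size;
  size_t n = safe_read_uleb128 (p, end, &size);
  if (n == 0)
    return NULL;
  p += n;
  /* Compare against the remaining length, so a huge size cannot wrap p + size. */
  if (size > (uint64_t) (end - p))
    {
      blk->size = 0;
      blk->data = NULL;
      return NULL;
    }
  blk->size = size;
  blk->data = p;
  return p + size;
}
```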