[07/19] display_debug_macinfo

Message ID 20210515080957.20305-8-amodra@gmail.com
State New
Series
  • Pointer UB in binutils/dwarf.c

Commit Message

Jan Beulich via Binutils May 15, 2021, 8:09 a.m.
The existing code went to the bother of using strnlen for scanning but
went wild when printing, and possibly incremented curr past end.

	* dwarf.c (display_debug_macinfo): Print strings that might not
	be zero terminated with %*s.  Don't bump curr if unterminated.

Patch

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 878f4f766db..d184e5289ed 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -5780,17 +5780,21 @@  display_debug_macinfo (struct dwarf_section *section,
 	case DW_MACINFO_define:
 	  READ_ULEB (lineno, curr, end);
 	  string = curr;
-	  curr += strnlen ((char *) string, end - string) + 1;
-	  printf (_(" DW_MACINFO_define - lineno : %d macro : %s\n"),
-		  lineno, string);
+	  curr += strnlen ((char *) string, end - string);
+	  printf (_(" DW_MACINFO_define - lineno : %d macro : %*s\n"),
+		  lineno, (int) (curr - string), string);
+	  if (curr < end)
+	    curr++;
 	  break;
 
 	case DW_MACINFO_undef:
 	  READ_ULEB (lineno, curr, end);
 	  string = curr;
-	  curr += strnlen ((char *) string, end - string) + 1;
-	  printf (_(" DW_MACINFO_undef - lineno : %d macro : %s\n"),
-		  lineno, string);
+	  curr += strnlen ((char *) string, end - string);
+	  printf (_(" DW_MACINFO_undef - lineno : %d macro : %*s\n"),
+		  lineno, (int) (curr - string), string);
+	  if (curr < end)
+	    curr++;
 	  break;
 
 	case DW_MACINFO_vendor_ext:
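Review bot: `%*s` in the new printf calls sets a minimum field width, not a maximum, so printf still reads `string` until it finds a NUL, and an unterminated macro string at the end of the section is over-read exactly as before. The bound has to be given as a precision, e.g. `printf (_(" DW_MACINFO_define - lineno : %d macro : %.*s\n"), lineno, (int) (curr - string), string);`, and the same applies to the DW_MACINFO_undef case here and to DW_MACINFO_vendor_ext in the next hunk. A negative precision is treated as if it were omitted, so `curr - string` should be clamped to INT_MAX before the `(int)` cast rather than assuming the section is small. display_debug_macinfo begins and ends outside these hunks, so how `end` is derived is not visible here.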
@@ -5799,9 +5803,11 @@  display_debug_macinfo (struct dwarf_section *section,
 
 	    READ_ULEB (constant, curr, end);
 	    string = curr;
-	    curr += strnlen ((char *) string, end - string) + 1;
-	    printf (_(" DW_MACINFO_vendor_ext - constant : %d string : %s\n"),
-		    constant, string);
+	    curr += strnlen ((char *) string, end - string);
+	    printf (_(" DW_MACINFO_vendor_ext - constant : %d string : %*s\n"),
+		    constant, (int) (curr - string), string);
+	    if (curr < end)
+	      curr++;
 	  }
 	  break;
 	}