This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



[PATCH]: Improve readelf's handling of corrupt call frames


Hi Guys,

  A coworker recently came across a situation where readelf would seg fault
  whilst trying to display the call frame information for a binary
  built for a 16-bit target.  Whilst the issue of whether the call
  frame info in this binary was actually corrupt is still in debate
  (it is a segmented 16/24/32 bit architecture), the fact remains that
  readelf should not seg fault.

  So I am going to apply the attached patch.  It detects situations
  where the end of a call frame data block is beyond the end of the
  .debug_frame section, and it prevents the code that handles corrupt
  CIE pointers from resetting the start pointer to the end of the
  block.  This causes problems because the code later on will attempt
  to read the rest of the block's information from beyond the end of
  the block.

Cheers
  Nick

binutils/ChangeLog
2006-06-30  Nick Clifton  <nickc@redhat.com>

	* dwarf.c (display_debug_frames): Catch a corrupt length field
	generating an end of block address that is beyond the end of the
	section.
	When encountering a corrupt CIE pointer do not reset the start
	pointer as more data still has to be read.
	Do not warn about user defined call frame instructions.
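The two checks described in the mail, shown on a deliberately simplified model of a 32-bit .debug_frame section. This is an added illustration, not the patch to dwarf.c and not readelf code: each entry is taken to be a 4-byte length followed by a 4-byte CIE_id (0xffffffff for a CIE, otherwise an offset to the owning CIE), 64-bit DWARF and augmentation parsing are ignored, and the three byte buffers are constructed for the example. The walker refuses a length field whose block would end beyond the section, and on a corrupt CIE pointer it records the problem and continues to the block's own end instead of moving the start pointer early, so nothing is read past the block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Counters returned by the walker so the caller can see what was found. */
typedef struct {
    unsigned entries;      /* blocks walked in full */
    unsigned bad_length;   /* blocks whose length field runs past the section */
    unsigned bad_cie_ptr;  /* FDEs whose CIE pointer does not land on a CIE */
} frame_stats;

#define CIE_ID 0xffffffffu

static uint32_t read_u32(const unsigned char *p)
{
    /* Little-endian read, byte by byte, so alignment never matters. */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk a simplified .debug_frame section of `size` bytes at `section`. */
static frame_stats walk_debug_frame(const unsigned char *section, size_t size)
{
    frame_stats st = { 0, 0, 0 };
    const unsigned char *start = section;
    const unsigned char *end = section + size;

    while (start < end) {
        /* The length field itself must fit in what is left. */
        if ((size_t)(end - start) < 4) { st.bad_length++; break; }

        uint32_t length = read_u32(start);
        size_t remaining = (size_t)(end - (start + 4));

        /* Check 1: a block must end inside the section, and must be long
         * enough to hold the CIE_id that follows the length field.  Compare
         * against the remaining byte count rather than forming start+length,
         * so a huge length cannot wrap the pointer arithmetic. */
        if (length > remaining || length < 4) { st.bad_length++; break; }

        const unsigned char *block_end = start + 4 + length;
        uint32_t cie_id = read_u32(start + 4);

        if (cie_id != CIE_ID) {
            /* FDE: the CIE pointer is an offset from the section start and
             * must point at a complete CIE header inside the section. */
            if (cie_id > size - 8 || read_u32(section + cie_id + 4) != CIE_ID) {
                st.bad_cie_ptr++;
                /* Check 2: do NOT touch `start` here.  The block still ends at
                 * block_end; advancing below keeps every read inside it. */
            }
        }

        st.entries++;
        start = block_end;   /* the only place the start pointer moves */
    }
    return st;
}

/* Constructed samples (not taken from any real binary). */

/* CIE (length 8) followed by an FDE (length 8) pointing back at offset 0. */
static const unsigned char sample_good[24] = {
    0x08, 0x00, 0x00, 0x00,  0xff, 0xff, 0xff, 0xff,  0x01, 0x00, 0x01, 0x7c,
    0x08, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  0x00, 0x10, 0x00, 0x00,
};

/* CIE whose length field (0x7fffffff) reaches far beyond the section. */
static const unsigned char sample_bad_length[12] = {
    0xff, 0xff, 0xff, 0x7f,  0xff, 0xff, 0xff, 0xff,  0x01, 0x00, 0x01, 0x7c,
};

/* Valid CIE, then an FDE whose CIE pointer (0x1000) is outside the section. */
static const unsigned char sample_bad_cie[24] = {
    0x08, 0x00, 0x00, 0x00,  0xff, 0xff, 0xff, 0xff,  0x01, 0x00, 0x01, 0x7c,
    0x08, 0x00, 0x00, 0x00,  0x00, 0x10, 0x00, 0x00,  0x00, 0x10, 0x00, 0x00,
};

static void report(const char *name, frame_stats st)
{
    printf("%-16s entries=%u bad_length=%u bad_cie_ptr=%u\n",
           name, st.entries, st.bad_length, st.bad_cie_ptr);
}

int main(void)
{
    report("good", walk_debug_frame(sample_good, sizeof sample_good));
    report("bad_length", walk_debug_frame(sample_bad_length, sizeof sample_bad_length));
    report("bad_cie", walk_debug_frame(sample_bad_cie, sizeof sample_bad_cie));
    return 0;
}
```

The corrupt-length case stops the walk entirely, because once a length field is wrong there is no trustworthy way to find the next block; the corrupt-CIE-pointer case is recoverable, so the walker reports it and keeps going, which is the behaviour the ChangeLog describes for readelf.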


