This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
[PATCH]: Improve readelf's handling of corrupt call frames
- From: Nick Clifton <nickc at redhat dot com>
- To: binutils at sourceware dot org
- Date: Fri, 30 Jun 2006 13:43:27 +0100
- Subject: [PATCH]: Improve readelf's handling of corrupt call frames
Hi Guys,
A coworker recently came across a situation where readelf would seg fault
whilst trying to display the call frame information for a binary
built for a 16-bit target. Whilst the issue of whether the call
frame info in this binary was actually corrupt is still in debate
(it is a segmented 16/24/32 bit architecture), the fact remains that
readelf should not seg fault.
So I am going to apply the attached patch. It detects situations
where the end of a call frame data block is beyond the end of the
.debug_frame section, and it prevents the code that handles corrupt
CIE pointers from resetting the start pointer to the end of the
block. This causes problems because the code later on will attempt
to read the rest of the block's information from beyond the end of
the block.
Cheers
Nick
binutils/ChangeLog
2006-06-30 Nick Clifton <nickc@redhat.com>
* dwarf.c (display_debug_frames): Catch a corrupt length field
generating an end of block address that is beyond the end of the
section.
When encountering a corrupt CIE pointer do not reset the start
pointer as more data still has to be read.
Do not warn about user defined call frame instructions.
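As an added illustration of the first ChangeLog item (this is not the patch, which is not reproduced on this page, nor code from binutils' dwarf.c): a stand-alone C routine that reads a CIE/FDE initial length and rejects a block whose computed end lies beyond the end of the section, exercised on a constructed little-endian .debug_frame sample. All names here are assumptions; real block bodies and offset sizes vary with the target.

```c
#include <stddef.h>
#include <stdint.h>
/* Outcome of validating one CIE/FDE block header. */
enum cfi_block_status { CFI_OK, CFI_ZERO_LENGTH, CFI_TRUNCATED_HEADER, CFI_END_BEYOND_SECTION };
static uint32_t rd32(const unsigned char *p) {   /* little-endian, matching the sample below */
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Read the initial length of the block at `start` and compute where the block ends, checking that end
   against the section end before it can serve as a read limit.  Handles the 0xffffffff 64-bit escape. */
enum cfi_block_status cfi_check_block(const unsigned char *section, size_t section_len,
                                      size_t start, size_t *block_end)
{
    size_t avail = start < section_len ? section_len - start : 0, hdr = 4;
    uint64_t length;
    if (avail < 4) return CFI_TRUNCATED_HEADER;
    length = rd32(section + start);
    if (length == 0xffffffffUL) {
        if (avail < 12) return CFI_TRUNCATED_HEADER;
        length = rd32(section + start + 4) | ((uint64_t)rd32(section + start + 8) << 32);
        hdr = 12;
    }
    /* Zero length: step over the length field only (.eh_frame uses this as its terminator). */
    if (length == 0) { *block_end = start + hdr; return CFI_ZERO_LENGTH; }
    /* Compare by subtraction so a huge corrupt length cannot wrap start + hdr + length. */
    if (length > (uint64_t)(avail - hdr)) { *block_end = section_len; return CFI_END_BEYOND_SECTION; }
    *block_end = start + hdr + (size_t)length;
    return CFI_OK;
}
/* Constructed sample .debug_frame: one well-formed 8-byte block, then one whose length is corrupt. */
const unsigned char sample_section[] = {
    0x04,0x00,0x00,0x00, 0xff,0xff,0xff,0xff,  /* length 4 followed by a CIE id: minimal but complete */
    0xff,0xff,0xff,0x7f, 0x00,0x00,0x00,0x00,  /* length 0x7fffffff: the block end lies past the section */
};
/* Probe helper: status of the block at `start`; its computed end is left in last_end. */
size_t last_end;
int status_at(const unsigned char *s, size_t n, size_t start) { return (int)cfi_check_block(s, n, start, &last_end); }
/* Walk a section, stopping at the first corrupt block.  Returns the number of well-formed blocks;
   when bad_offset is non-NULL it receives the offset at which the walk stopped. */
int count_good_blocks(const unsigned char *section, size_t section_len, size_t *bad_offset)
{
    size_t start = 0, end = 0; int good = 0;
    while (start < section_len) {
        enum cfi_block_status st = cfi_check_block(section, section_len, start, &end);
        if (st == CFI_TRUNCATED_HEADER || st == CFI_END_BEYOND_SECTION) break;
        if (st == CFI_OK) good++;
        start = end;
    }
    if (bad_offset) *bad_offset = start;
    return good;
}
```

The walker never lets a corrupt length move `end` past the section, which is exactly the condition that sent readelf reading beyond its buffer.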