This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.
Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
- From: "Cuthbertson, Reva D." <reva_cuthbertson at hp dot com>
- To: <gdb at sources dot redhat dot com>
- Date: Fri, 13 May 2005 08:18:47 -0700
- Subject: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
Hello,
I had a question regarding the following assignment in
dwarf2_mark_symbol_computed() in dwarf2read.c:
baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
be an unsigned long but the "size" field in dwarf2_loclist_baton and
dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
short. Is it possible to overflow baton->size with the above
calculation?
If it is possible, then in find_location_expression() in dwarf2loc.c, there may be a problem processing a location list entry, as baton->size is used to determine the end of that location list entry. I think this overflow could happen for a program with a large .debug_loc section.

Do you believe that this is a problem?
Thanks!
Reva Cuthbertson
reva.cuthbertson@hp.com
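The truncation the message asks about, as an added example that is not code from dwarf2read.c or dwarf2loc.c: it stores an `unsigned int` minus `unsigned long` difference into an `unsigned short` field with the types named above, adds the range check a practitioner would want before that store, and then walks a location list bounded by the stored size the way find_location_expression() bounds its walk. The .debug_loc layout (4-byte begin/end addresses, 2-byte expression length, 0/0 terminator) is a constructed, simplified model, and LOC_SIZE, LIST_OFFSET, N_ENTRIES and every function name are made-up for illustration.

```c
/* Added example, not GDB code: models baton->size = loc_size - DW_UNSND (attr)
   with the field types named in the message and shows what a size-bounded
   location-list walk does with the truncated value. The .debug_loc layout is
   a constructed, simplified model (4-byte begin/end, 2-byte length, 0/0
   terminator); LOC_SIZE, LIST_OFFSET and N_ENTRIES are made-up values. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOC_SIZE    70000u   /* constructed .debug_loc size, > USHRT_MAX */
#define LIST_OFFSET 100u     /* constructed DW_AT_location offset into it */
#define N_ENTRIES   400      /* entries in the constructed list */
#define ENTRY_BYTES 13       /* 8 (begin,end) + 2 (length) + 3 (expression) */

struct loclist_baton {
    const unsigned char *data;   /* start of the symbol's list in .debug_loc */
    unsigned short size;         /* the 16-bit field the message asks about */
};

/* unsigned int minus unsigned long, stored into unsigned short: the value is
   reduced modulo 65536, so a difference >= 65536 silently comes back smaller. */
unsigned short baton_size_as_stored(unsigned int loc_size, unsigned long offset)
{
    struct loclist_baton b;
    b.size = loc_size - offset;
    return b.size;
}

/* Guard to apply before the store: the offset must lie inside the section
   (otherwise the unsigned subtraction wraps) and the difference must fit. */
int baton_size_fits(unsigned int loc_size, unsigned long offset)
{
    if (offset > loc_size)
        return 0;
    return (loc_size - offset) <= USHRT_MAX;
}

static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(unsigned char *p, uint32_t v)
{
    p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
}

/* Walk a list bounded by `size`, like find_location_expression() bounded by
   baton->size. Returns the number of complete entries before the 0/0
   terminator, or -1 if data + size was reached before the terminator. */
int count_loclist_entries(const unsigned char *data, size_t size)
{
    const unsigned char *p = data, *end = data + size;
    int n = 0;
    for (;;) {
        if ((size_t)(end - p) < 8)
            return -1;
        uint32_t begin = rd32(p), finish = rd32(p + 4);
        p += 8;
        if (begin == 0 && finish == 0)
            return n;
        if ((size_t)(end - p) < 2)
            return -1;
        uint16_t len = (uint16_t)(p[0] | p[1] << 8);
        p += 2;
        if ((size_t)(end - p) < len)
            return -1;
        p += len;
        n++;
    }
}

/* Build the constructed .debug_loc once: N_ENTRIES entries of ENTRY_BYTES
   starting at LIST_OFFSET, each with a 3-byte expression, then the terminator. */
const unsigned char *constructed_debug_loc(void)
{
    static unsigned char section[LOC_SIZE];
    static int built;
    if (!built) {
        unsigned char *p = section + LIST_OFFSET;
        for (int i = 0; i < N_ENTRIES; i++) {
            wr32(p, 0x1000 + 0x10 * i);          /* begin address */
            wr32(p + 4, 0x1010 + 0x10 * i);      /* end address */
            p[8] = 3; p[9] = 0;                  /* expression length */
            p[10] = 0x91; p[11] = 0x7c; p[12] = 0x00;  /* arbitrary bytes */
            p += ENTRY_BYTES;
        }
        memset(p, 0, 8);                         /* 0/0 end-of-list marker */
        built = 1;
    }
    return section;
}

int main(void)
{
    const unsigned char *list = constructed_debug_loc() + LIST_OFFSET;
    unsigned short stored = baton_size_as_stored(LOC_SIZE, LIST_OFFSET);
    printf("true size %u, stored size %u, fits=%d\n", LOC_SIZE - LIST_OFFSET,
           stored, baton_size_fits(LOC_SIZE, LIST_OFFSET));
    printf("entries seen: true size %d, stored size %d\n",
           count_loclist_entries(list, LOC_SIZE - LIST_OFFSET),
           count_loclist_entries(list, stored));
    return 0;
}
```

With these constructed values the true remaining size is 69900 bytes but the field holds 69900 - 65536 = 4364, so the walk runs off its apparent end partway through the 336th entry and never reaches the terminator; with a different remainder the truncated end could just as well land inside an expression and have the following bytes misread as a begin/end pair. Build with `cc -std=c99`; the check in `baton_size_fits` is the kind of guard to put in front of the store on a 64-bit host, where `unsigned long` is 64 bits and the 16-bit field is the narrowest type in the expression by a wide margin.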