This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?

From: "Cuthbertson, Reva D." <reva_cuthbertson at hp dot com>
To: <gdb at sources dot redhat dot com>
Date: Fri, 13 May 2005 08:18:47 -0700
Subject: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?

Hello,

I had a question regarding the following assignment in
dwarf2_mark_symbol_computed() in dwarf2read.c:

baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);

The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
be an unsigned long but the "size" field in dwarf2_loclist_baton and
dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
short.  Is it possible to overflow baton->size with the above
calculation?

If it is possible, then in find_location_expression() in dwarf2loc.c,
there may be a problem processing a location list entry as baton->size
is used to 
determine the end of that location list entry.  I think this overflow
could
happen for a program with a large .debug_loc section.

Do you believe that this is a problem?

Thanks!

Reva Cuthbertson
reva.cuthbertson@hp.com

Follow-Ups:
- Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
  - From: Daniel Jacobowitz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]