PR28862, heap-buffer-overflow in parse_stab_string

I have no info on the format of a "SUNPRO C++ Namespace" stab, so am relying on the previous code being correct in parsing these stabs. Just don't allow NULs anywhere in the stab. PR 28862 * stabs.c (parse_stab_string): Don't overrun buffer when parsing 'Y' stab.
4 years ago · 481153777e
1 changed files with 4 additions and 4 deletions
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@ -1129,13 +1129,13 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
    case 'Y':
      /* SUNPro C++ Namespace =Yn0.  */
      /* Skip the namespace mapping, as it is not used now.  */
-      if (*(++p) == 'n' && *(++p) == '0')
+      if (*p++ != 0 && *p++ == 'n' && *p++ == '0')
 	{
 	  /* =Yn0name; */
-	  while (*p != ';')
+	  while (*p && *p != ';')
 	    ++p;
-	  ++p;
-	  return true;
+	  if (*p)
+	    return true;
 	}
      /* TODO SUNPro C++ support:
         Support default arguments after F,P parameters