Signed-off-by: Mark Wielaard <[email protected]>
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 456e5a4..0ae7e46 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-11 Mark Wielaard <[email protected]>
+
+ * readelf.c (print_debug_frame_section): Check number of augmentation
+ chars to print.
+
 2014-12-09 Mark Wielaard <[email protected]>
 * readelf.c (handle_file_note): Check count fits data section and
diff --git a/src/readelf.c b/src/readelf.c
index c6d10f7..31a0e0a 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -5490,7 +5490,7 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 unsigned int augmentationlen;
 get_uleb128 (augmentationlen, readp);
- if (augmentationlen > (size_t) (dataend - readp))
+ if (augmentationlen > (size_t) (cieend - readp))
 {
 error (0, 0, gettext ("invalid augmentation length"));
 readp = cieend;
@@ -5499,7 +5499,7 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 const char *hdr = "Augmentation data:";
 const char *cp = augmentation + 1;
- while (*cp != '\0')
+ while (*cp != '\0' && cp < augmentation + augmentationlen + 1)
 {
 printf (" %-26s%#x ", hdr, *readp);
 hdr = "";
@@ -5655,7 +5655,8 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 const char *hdr = "Augmentation data:";
 const char *cp = cie->augmentation + 1;
 unsigned int u = 0;
- while (*cp != '\0')
+ while (*cp != '\0'
+ && cp < cie->augmentation + augmentationlen + 1)
 {
 if (*cp == 'L')
 {
-- 
1.8.3.1
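Review bot: In the hunk at -5490, the new bound `(size_t) (cieend - readp)` wraps to a very large value if `readp` is already past `cieend` when the check runs, so any `augmentationlen` would be accepted. Whether that can happen depends on the parsing before the hunk, which is not visible here; the `get_uleb128 (augmentationlen, readp)` call just above takes no end pointer. Rejecting that case explicitly keeps the check sound: `if (readp > cieend || augmentationlen > (size_t) (cieend - readp))`. print_debug_frame_section begins and ends outside the hunk.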
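Review bot: In the hunk at -5499, the added condition limits how many augmentation characters are walked, but the body reads through `readp` (`*readp` in the `printf`), and nothing visible ties `readp` to the end of the augmentation data. If the handling of any character consumes more than one byte, `readp` could still advance beyond `augmentationlen` bytes; the loop body continues outside the hunk, so this is unconfirmed. A byte-based bound states the intent directly: save `readp + augmentationlen` in a local before the loop and add `readp < that_end` to the condition. The loop in the hunk at -5655 has the same shape.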
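Review bot: In the hunk at -5655, `cie->augmentation + augmentationlen + 1` builds a pointer from a length taken from the file before comparing it with `cp`. If `augmentationlen` is larger than the object `cie->augmentation` points into, that pointer arithmetic is undefined behaviour in C even though `*cp != '\0'` would normally end the loop first. Where `augmentationlen` is validated for this branch is not visible in the hunk. Comparing offsets avoids forming the out-of-range pointer and is otherwise equivalent: `&& (size_t) (cp - cie->augmentation) <= augmentationlen`. The loop at -5499 uses the same pointer form.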
