Signed-off-by: Mark Wielaard <[email protected]>
---
 src/ChangeLog | 4 ++++
 src/readelf.c | 8 +++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index a193f40..182c9cd 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2014-12-15 Mark Wielaard <[email protected]>
+ * readelf.c (print_gdb_index_section): Add more bounds checks.
+
+2014-12-15 Mark Wielaard <[email protected]>
+
  * readelf.c (print_debug_line_section): Check there is enough room for DW_LNE_set_address argument. Make sure there is enough room for the the initial unit_length.
diff --git a/src/readelf.c b/src/readelf.c
index cd8ba86..41239bc 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8048,21 +8048,23 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
       if (name != 0 || vector != 0)
         {
           const unsigned char *sym = data->d_buf + const_off + name;
-          if (unlikely (sym > dataend))
+          if (unlikely (sym > dataend
+                        || memchr (sym, '\0', dataend - sym) == NULL))
             goto invalid_data;
           printf (" [%4zu] symbol: %s, CUs: ", n, sym);
           const unsigned char *readcus = data->d_buf + const_off + vector;
-          if (unlikely (readcus + 8 > dataend))
+          if (unlikely (readcus + 4 > dataend))
             goto invalid_data;
-
           uint32_t cus = read_4ubyte_unaligned (dbg, readcus);
           while (cus--)
             {
               uint32_t cu_kind, cu, kind;
               bool is_static;
               readcus += 4;
+              if (unlikely (readcus + 4 > dataend))
+                goto invalid_data;
               cu_kind = read_4ubyte_unaligned (dbg, readcus);
               cu = cu_kind & ((1 << 24) - 1);
               kind = (cu_kind >> 28) & 7;
-- 
1.8.3.1
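Review bot: The new checks still derive `sym` and `readcus` by adding untrusted offsets to `data->d_buf` before comparing them with `dataend`, so `const_off + name` or `const_off + vector` (presumably 32-bit values read from the index section) can produce a pointer outside the section object, and comparing such a pointer is not well-defined in C; on a 32-bit host the sum can also wrap to a value below `dataend` and pass the check. Checking the offsets against the section size before forming the pointer avoids this, e.g. `if (unlikely (const_off > data->d_size || name > data->d_size - const_off)) goto invalid_data;` ahead of the `sym` assignment, and the same shape with `vector` ahead of `readcus` (this assumes `dataend` is `data->d_buf + data->d_size`, which the hunk does not show). The added per-iteration `readcus + 4 > dataend` guard after `readcus += 4` does cover each 4-byte read, so an oversized untrusted `cus` count now terminates at `invalid_data` rather than reading past the buffer. print_gdb_index_section starts and ends outside the hunk.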
