Signed-off-by: Mark Wielaard <[email protected]>
---
 libdw/ChangeLog | 5 +++++
 libdw/dwarf_getpubnames.c | 3 +++
 2 files changed, 8 insertions(+)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 0592220..4f03b73 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,5 +1,10 @@
 2014-12-16 Mark Wielaard <[email protected]>
+ * dwarf_getpubnames.c (dwarf_getpubnames): Make sure there is enough
+ space to read die offset.
+
+2014-12-16 Mark Wielaard <[email protected]>
+
 * dwarf_getsrclines.c (read_srclines): Correct overflow check for unit_length.
diff --git a/libdw/dwarf_getpubnames.c b/libdw/dwarf_getpubnames.c
index 9fbfcbf..19f4eae 100644
--- a/libdw/dwarf_getpubnames.c
+++ b/libdw/dwarf_getpubnames.c
@@ -199,6 +199,8 @@ dwarf_getpubnames (dbg, callback, arg, offset)
 while (1)
 {
 /* READP points to the next offset/name pair. */
+ if (readp + dbg->pubnames_sets[cnt].address_len > endp)
+ goto invalid_dwarf;
 if (dbg->pubnames_sets[cnt].address_len == 4)
 gl.die_offset = read_4ubyte_unaligned_inc (dbg, readp);
 else
@@ -215,6 +217,7 @@ dwarf_getpubnames (dbg, callback, arg, offset)
 readp = (unsigned char *) memchr (gl.name, '\0', endp - readp);
 if (unlikely (readp == NULL))
 {
+ invalid_dwarf:
 __libdw_seterrno (DWARF_E_INVALID_DWARF);
 return -1l;
 }
--
1.8.3.1
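Review bot: The added guard at the top of the `while (1)` body tests `readp + dbg->pubnames_sets[cnt].address_len > endp`, which forms the advanced pointer before it is known to be in range. When fewer than `address_len` bytes remain in a truncated section, that addition already points past one-past-the-end of the buffer, which C leaves undefined, so a compiler may fold the test away. Comparing the remaining length avoids that: `if (unlikely ((size_t) (endp - readp) < dbg->pubnames_sets[cnt].address_len)) goto invalid_dwarf;`. This relies on `readp <= endp`, which the later `memchr (gl.name, '\0', endp - readp)` call already appears to assume. The `unlikely ()` wrapper would also match the existing check in the second hunk. The loop body continues outside the hunk.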
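Review bot: The `invalid_dwarf:` label sits inside the compound statement of `if (unlikely (readp == NULL))`, so the `goto` added in the first hunk jumps into a nested block and shares its error exit. That is valid C, but nothing at the label says a second path lands there. A comment such as `/* Also reached by goto when the set ends before a full DIE offset.  */` would stop a later edit to the memchr failure branch from silently changing the truncation path too. The enclosing loop and function start and end outside the hunk.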
