diff options
| author | Mark Wielaard <mark@klomp.org> | 2023-02-08 16:53:24 +0100 |
|---|---|---|
| committer | Mark Wielaard <mark@klomp.org> | 2023-02-14 16:45:10 +0100 |
| commit | 922068cebba6ed0dfc2da0a9e40e3e1b63e0aca9 (patch) | |
| tree | de05636616a8ab25c9504fca479c641490d61f22 /libdw/cfi.c | |
| parent | e444d60a341b7b9bc3ae763a843d3e7190234ca9 (diff) | |
| download | elfutils-922068cebba6ed0dfc2da0a9e40e3e1b63e0aca9.tar.gz | |
libdw, readelf, elflint: Add get_(u|s)leb128 guards
Add sanity check making sure an leb128 isn't being read beyond the
end of the current data segment. Most code already had these guards,
but some were missing. This makes sure an appropriate error is
generated instead.
Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libdw/cfi.c')
| -rw-r--r-- | libdw/cfi.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libdw/cfi.c b/libdw/cfi.c index 6d08ca90..a7174405 100644 --- a/libdw/cfi.c +++ b/libdw/cfi.c @@ -239,6 +239,7 @@ execute_cfi (Dwarf_CFI *cache, case DW_CFA_offset_extended_sf: get_uleb128 (operand, program, end); + cfi_assert (program < end); get_sleb128 (sf_offset, program, end); offset_extended_sf: offset = sf_offset * cie->data_alignment_factor; @@ -294,6 +295,7 @@ execute_cfi (Dwarf_CFI *cache, get_uleb128 (regno, program, end); /* DW_FORM_block is a ULEB128 length followed by that many bytes. */ offset = program - (const uint8_t *) cache->data->d.d_buf; + cfi_assert (program < end); get_uleb128 (operand, program, end); cfi_assert (operand <= (Dwarf_Word) (end - program)); program += operand; |