author | Mark Wielaard <mjw@redhat.com> | 2014-12-14 21:48:23 +0100 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2014-12-17 16:35:56 +0100 |
commit | 7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch) | |
tree | f98e9e7def17ec051170aaf663419628d84fae78 /libdw/dwarf_child.c | |
parent | 9202665816763fad8524dd78a664dbcaa157b8d4 (diff) | |
download | elfutils-7a053473c7bedd22e3db39c444a4cd8f97eace25.tar.gz |
libdw: Add get_uleb128 and get_sleb128 bounds checking.
Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.
There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_valued don't have an end pointer associated yet.
They will have to be provided in the future.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libdw/dwarf_child.c')
-rw-r--r-- | libdw/dwarf_child.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/libdw/dwarf_child.c b/libdw/dwarf_child.c index 96d8e234..58a438b5 100644 --- a/libdw/dwarf_child.c +++ b/libdw/dwarf_child.c @@ -63,18 +63,16 @@ __libdw_find_attr (Dwarf_Die *die, unsigned int search_name, const unsigned char *attrp = abbrevp->attrp; while (1) { - /* Are we still in bounds? This test needs to be refined. */ - if (unlikely (attrp + 1 >= endp)) + /* Get attribute name and form. */ + if (unlikely (attrp >= endp)) goto invalid_dwarf; - - /* Get attribute name and form. - - XXX We don't check whether this reads beyond the end of the - section. */ unsigned int attr_name; - get_uleb128 (attr_name, attrp); + get_uleb128 (attr_name, attrp, endp); + + if (unlikely (attrp >= endp)) + goto invalid_dwarf; unsigned int attr_form; - get_uleb128 (attr_form, attrp); + get_uleb128 (attr_form, attrp, endp); /* We can stop if we found the attribute with value zero. */ if (attr_name == 0 && attr_form == 0) |
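Review bot: in the `while (1)` loop of `__libdw_find_attr`, nothing checks whether `get_uleb128 (attr_form, attrp, endp)` stopped at `endp` in the middle of a value, so a form cut short by the end of the abbreviation data would be compared and used as if it had been read completely. The `attrp >= endp` test between the two reads catches that case for `attr_name`, but there is no equivalent after `attr_form`, and a plain `attrp >= endp` test there would also reject an entry that legitimately ends exactly at `endp`. Please either have the reader signal truncation to the caller or state in a comment that a truncated value is acceptable at this point. Two smaller points: the comment `/* Get attribute name and form. */` now sits above the bounds test rather than the reads, and the second `if (unlikely (attrp >= endp))` has no comment saying why an explicit check is still needed now that `get_uleb128` takes `endp` (presumably it requires at least one readable byte, which should be written down here).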