libdw: Check sibling attribute offset still falls inside CU data.

Found with afl-fuzz. Signed-off-by: Mark Wielaard <mjw@redhat.com>
author: Mark Wielaard <mjw@redhat.com> 2014-12-27 12:13:50 +0100
committer: Mark Wielaard <mjw@redhat.com> 2015-01-12 22:12:53 +0100
commit: 3fa1796a550bade1e59f05eba9ae1008773cb645 (patch)
tree: 0b9ba1f573bf9ffcfafe883e3a5fca6492534e8f /libdw/dwarf_siblingof.c
parent: 555fdae16cea49d0540858b3acb3d2f3e63c123c (diff)
download: elfutils-3fa1796a550bade1e59f05eba9ae1008773cb645.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/libdw/dwarf_siblingof.c b/libdw/dwarf_siblingof.c
index 27830ea4..f8241b37 100644
--- a/libdw/dwarf_siblingof.c
+++ b/libdw/dwarf_siblingof.c
@@ -79,6 +79,13 @@ dwarf_siblingof (die, result)
 	    /* Something went wrong.  */
 	    return -1;
 
+	  size_t size = sibattr.cu->endp - sibattr.cu->startp;
+	  if (unlikely (offset >= size))
+	    {
+	      __libdw_seterrno (DWARF_E_INVALID_DWARF);
+	      return -1;
+	    }
+
 	  /* Compute the next address.  */
 	  addr = sibattr.cu->startp + offset;
 	}
author	Mark Wielaard <mjw@redhat.com>	2014-12-27 12:13:50 +0100
committer	Mark Wielaard <mjw@redhat.com>	2015-01-12 22:12:53 +0100
commit	3fa1796a550bade1e59f05eba9ae1008773cb645 (patch)
tree	0b9ba1f573bf9ffcfafe883e3a5fca6492534e8f /libdw/dwarf_siblingof.c
parent	555fdae16cea49d0540858b3acb3d2f3e63c123c (diff)
download	elfutils-3fa1796a550bade1e59f05eba9ae1008773cb645.tar.gz