author | Mark Wielaard <mjw@redhat.com> | 2014-12-14 21:48:23 +0100 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2014-12-17 16:35:56 +0100 |
commit | 7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch) | |
tree | f98e9e7def17ec051170aaf663419628d84fae78 /libdw/libdw_form.c | |
parent | 9202665816763fad8524dd78a664dbcaa157b8d4 (diff) | |
download | elfutils-7a053473c7bedd22e3db39c444a4cd8f97eace25.tar.gz |
libdw: Add get_uleb128 and get_sleb128 bounds checking.
Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.
There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_valued don't have an end pointer associated yet.
They will have to be provided in the future.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libdw/libdw_form.c')
-rw-r--r-- | libdw/libdw_form.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/libdw/libdw_form.c b/libdw/libdw_form.c index 379ede50..72e2390c 100644 --- a/libdw/libdw_form.c +++ b/libdw/libdw_form.c @@ -86,8 +86,7 @@ __libdw_form_val_compute_len (struct Dwarf_CU *cu, unsigned int form, case DW_FORM_block: case DW_FORM_exprloc: - // XXX overflow check - get_uleb128 (u128, valp); + get_uleb128 (u128, valp, endp); result = u128 + (valp - startp); break; @@ -104,13 +103,12 @@ __libdw_form_val_compute_len (struct Dwarf_CU *cu, unsigned int form, case DW_FORM_sdata: case DW_FORM_udata: case DW_FORM_ref_udata: - // XXX overflow check - get_uleb128 (u128, valp); + get_uleb128 (u128, valp, endp); result = valp - startp; break; case DW_FORM_indirect: - get_uleb128 (u128, valp); + get_uleb128 (u128, valp, endp); // XXX Is this really correct? result = __libdw_form_val_len (cu, u128, valp); if (result != (size_t) -1) |
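Review bot: In the first hunk (@@ -86,8 +86,7 @@, case DW_FORM_block / DW_FORM_exprloc), the removed "// XXX overflow check" is only half addressed. Passing endp bounds the read of the LEB128 length itself, but the decoded value is still used unchecked in `result = u128 + (valp - startp);`. A u128 taken from the file can be larger than the bytes remaining between valp and endp, or large enough to wrap the sum, so the returned length can point past the end of the data. Suggest comparing u128 against `(size_t) (endp - valp)` after the read and returning the `(size_t) -1` error value when it does not fit, or keeping an XXX comment that says this part is still open.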
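Review bot: In the second hunk (@@ -104,13 +103,12 @@), the DW_FORM_indirect case calls `__libdw_form_val_len (cu, u128, valp)` right after the bounded read without checking whether valp has already reached endp, so the nested form is evaluated with no guarantee that any bytes remain for it, and the call as shown carries no end pointer of its own. Suggest testing `valp >= endp` before the call and returning `(size_t) -1`, and resolving or expanding the "// XXX Is this really correct?" comment while this code is being touched. For DW_FORM_sdata / DW_FORM_udata / DW_FORM_ref_udata the "XXX overflow check" comment is dropped as well; a short comment stating what get_uleb128 leaves in valp and u128 when the value is cut off at endp would make it clear that `result = valp - startp;` is still meaningful in that case.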