authorMark Wielaard <mjw@redhat.com>2014-12-14 21:48:23 +0100
committerMark Wielaard <mjw@redhat.com>2014-12-17 16:35:56 +0100
commit7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch)
treef98e9e7def17ec051170aaf663419628d84fae78 /libdw/libdw_form.c
parent9202665816763fad8524dd78a664dbcaa157b8d4 (diff)
libdw: Add get_uleb128 and get_sleb128 bounds checking.
Both get_uleb128 and get_sleb128 now take an end pointer to prevent reading too much data. Adjust all callers to provide the end pointer. There are still two exceptions. "Raw" dwarf_getabbrevattr and read_encoded_valued don't have a end pointer associated yet. They will have to be provided in the future. Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libdw/libdw_form.c')
-rw-r--r--libdw/libdw_form.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/libdw/libdw_form.c b/libdw/libdw_form.c
index 379ede50..72e2390c 100644
--- a/libdw/libdw_form.c
+++ b/libdw/libdw_form.c
@@ -86,8 +86,7 @@ __libdw_form_val_compute_len (struct Dwarf_CU *cu, unsigned int form,
case DW_FORM_block:
case DW_FORM_exprloc:
- // XXX overflow check
- get_uleb128 (u128, valp);
+ get_uleb128 (u128, valp, endp);
result = u128 + (valp - startp);
break;
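Review bot: The length for DW_FORM_block/DW_FORM_exprloc, `result = u128 + (valp - startp);`, is still built from an unchecked value read from the file; passing `endp` bounds only the ULEB128 read itself, and the commit drops the `// XXX overflow check` marker without adding a check on the sum. A u128 larger than the bytes left before `endp`, or large enough to wrap the addition in `size_t`, produces a length that points past the buffer unless every caller validates it, which is not visible in this hunk. Consider rejecting it here with something like `if (u128 > (size_t) (endp - valp)) return (size_t) -1;` (assuming `(size_t) -1` is this function's error return, as the later `result != (size_t) -1` test suggests), or add a comment naming the caller that enforces the bound. The definition of `endp` and the rest of `__libdw_form_val_compute_len` lie outside the hunk.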
@@ -104,13 +103,12 @@ __libdw_form_val_compute_len (struct Dwarf_CU *cu, unsigned int form,
case DW_FORM_sdata:
case DW_FORM_udata:
case DW_FORM_ref_udata:
- // XXX overflow check
- get_uleb128 (u128, valp);
+ get_uleb128 (u128, valp, endp);
result = valp - startp;
break;
case DW_FORM_indirect:
- get_uleb128 (u128, valp);
+ get_uleb128 (u128, valp, endp);
// XXX Is this really correct?
result = __libdw_form_val_len (cu, u128, valp);
if (result != (size_t) -1)
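Review bot: In the DW_FORM_indirect case the form code read by `get_uleb128 (u128, valp, endp);` comes straight from the input and is passed to `__libdw_form_val_len (cu, u128, valp)` without checking that `valp` is still before `endp` or that the form is not DW_FORM_indirect again. If that call re-enters this function, as it appears to, a run of indirect forms recurses once per input byte, so stack depth is bounded only by the size of the data. Consider rejecting the nested case up front, e.g. `if (u128 == DW_FORM_indirect) return (size_t) -1;`, and replacing `// XXX Is this really correct?` with a sentence stating what the callee is expected to validate. The body of the `if (result != (size_t) -1)` test is outside the hunk.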