author: Mark Wielaard <mark@klomp.org> 2018-08-18 13:27:48 +0200
committer: Mark Wielaard <mark@klomp.org> 2018-08-18 13:27:48 +0200
commit: 29e31978ba51c1051743a503ee325b5ebc03d7e9
tree: 7bc138fc91e3ef04a04406a1426ab8cef33b2628 /libdw
parent: c9f90a70900e753dde15cc9348dcf7de08b031eb
libdw, readelf: Make sure there is enough data to read full aranges header.

dwarf_getaranges didn't check if there was enough data left to read both the address and segment size. readelf didn't check there was enough data left to read the segment size.

https://sourceware.org/bugzilla/show_bug.cgi?id=23541

Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libdw')
-rw-r--r-- libdw/ChangeLog 5
-rw-r--r-- libdw/dwarf_getaranges.c 4
2 files changed, 9 insertions, 0 deletions
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index cb4f34ed..472d9228 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-18 Mark Wielaard <mark@klomp.org>
+
+ * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
+ data to read the address and segment size.
+
2018-07-04 Ross Burton <ross.burton@intel.com>
* libdw_alloc.c: Remove error.h include.
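Review bot: The new ChangeLog entry names the file twice, "dwarf_getaranges.c (dwarf_getaranges.c)"; the parenthesised part should be the function that changed, so the line should read "* dwarf_getaranges.c (dwarf_getaranges): Make sure there is enough data to read the address and segment size."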
diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
index bff9c860..de5b81ba 100644
--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges)
length_bytes, &offset, IDX_debug_info, 4))
goto fail;
+ /* Next up two bytes for address and segment size. */
+ if (readp + 2 > readendp)
+ goto invalid;
+
unsigned int address_size = *readp++;
if (unlikely (address_size != 4 && address_size != 8))
goto invalid;
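Review bot: The added check "if (readp + 2 > readendp)" computes readp + 2 before it is known that two bytes remain, so on a truncated header it forms a pointer more than one past the end of the section data, which is undefined behaviour in C and may be optimised in ways that defeat the test. Assuming readp never exceeds readendp at this point, comparing the remaining length instead, "if (readendp - readp < 2)", gives the same result without the out-of-range pointer. For consistency with the "unlikely (address_size != 4 && address_size != 8)" test just below it, the condition could also be wrapped in unlikely ().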