authorMark Wielaard <mark@klomp.org>2023-02-08 16:53:24 +0100
committerMark Wielaard <mark@klomp.org>2023-02-14 16:45:10 +0100
commit922068cebba6ed0dfc2da0a9e40e3e1b63e0aca9 (patch)
treede05636616a8ab25c9504fca479c641490d61f22 /src/elflint.c
parente444d60a341b7b9bc3ae763a843d3e7190234ca9 (diff)
libdw, readelf, elflint: Add get_(u|s)leb128 guards
Add sanity check making sure an leb128 isn't being read beyond the end of the current data segment. Most code already had these guards, but some were missing. This makes sure an appropriate error is generated instead. Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'src/elflint.c')
-rw-r--r--src/elflint.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/elflint.c b/src/elflint.c
index b4eac32f..dd42dcb4 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -3569,9 +3569,12 @@ section [%2d] '%s': offset %zu: attribute subsection has unexpected tag %u\n"),
const unsigned char *r = chunk;
if (tag == 32 || (tag & 1) == 0)
{
+ if (r >= q)
+ goto invalid_uleb;
get_uleb128 (value, r, q);
if (r > q)
{
+ invalid_uleb:
ERROR (_("\
section [%2d] '%s': offset %zu: endless ULEB128 in attribute tag\n"),
idx, section_name (ebl, idx), buffer_pos (data, chunk));
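Review bot: The pre-existing `if (r > q)` test after `get_uleb128 (value, r, q)` is the only check on the read itself, and it may not catch an encoding that is cut off by the end of the data. If `get_uleb128` stops at `q`, as its third argument suggests (the macro is not shown here), `r` can never exceed `q`, so a ULEB128 whose last available byte still has the continuation bit set would be accepted as a value with `r == q`. It is worth confirming what the macro returns in that case and rejecting it explicitly rather than relying on the pointer comparison. Separately, `invalid_uleb:` sits inside that `if` body, so the new `r >= q` guard reports "endless ULEB128" when no bytes remain at all; a comment at the label such as `/* Also reached when no bytes are left before q. */` would make the shared path clear. The ERROR call and the enclosing block continue past the end of the hunk.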