author | Aleksei Vetrov <[email protected]> | 2023-02-14 20:30:02 +0000 |
---|---|---|
committer | Mark Wielaard <[email protected]> | 2023-02-17 00:18:53 +0100 |
commit | fda09f5f188fb173b2123815be71ca4647a8adfb (patch) | |
tree | fc66ad4c3abae0765528e7b7bbb622882d4e9182 /libdw/dwarf_formstring.c | |
parent | 73e212b0a778c6dbe84f79b7eb2647dea50ea16f (diff) |
libdw: check that DWARF strings are null-terminated
libdw is expected to return null-terminated strings, so that callers never
read past the end of the ELF section data.
* Add calculation of a safe prefix inside string sections, where any
string will be null-terminated.
* Check if offset overflows the safe prefix in dwarf_formstring.
Signed-off-by: Aleksei Vetrov <[email protected]>
Diffstat (limited to 'libdw/dwarf_formstring.c')
-rw-r--r-- | libdw/dwarf_formstring.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c
index c3e892a8..0ee42411 100644
--- a/libdw/dwarf_formstring.c
+++ b/libdw/dwarf_formstring.c
@@ -61,6 +61,9 @@ dwarf_formstring (Dwarf_Attribute *attrp)
 Elf_Data *data = ((attrp->form == DW_FORM_line_strp) ? dbg_ret->sectiondata[IDX_debug_line_str] : dbg_ret->sectiondata[IDX_debug_str]);
+ size_t data_size = ((attrp->form == DW_FORM_line_strp) ? dbg_ret->string_section_size[STR_SCN_IDX_debug_line_str] : dbg_ret->string_section_size[STR_SCN_IDX_debug_str]);
 if (data == NULL)
 {
 __libdw_seterrno ((attrp->form == DW_FORM_line_strp)
@@ -171,7 +174,7 @@ dwarf_formstring (Dwarf_Attribute *attrp)
 else
 off = read_8ubyte_unaligned (dbg, datap);
- if (off > dbg->sectiondata[IDX_debug_str]->d_size)
+ if (off >= data_size)
 goto invalid_offset;
 } |
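Review bot: The new `data_size` local is named as if it were the section size, but per the commit message it is the length of the "safe prefix" inside which every string is NUL-terminated, which can be shorter than `data->d_size`; nothing at the declaration says so, and a later reader is likely to "fix" a bound check back to `d_size`. Add a comment above the declaration, e.g. `/* Prefix of the string section in which every string is known to be NUL-terminated; may be shorter than data->d_size. */`. It is also worth noting that `string_section_size` is indexed by `STR_SCN_IDX_*` while `sectiondata` uses `IDX_*`: the two index spaces are distinct and a mix-up here would compile silently, so a one-line comment tying the two lookups to the same form would help. The rest of dwarf_formstring, including the `data == NULL` error path, continues outside this hunk.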
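Review bot: The replaced check `if (off >= data_size)` is only as strong as the value stored in `string_section_size`: if that field ever holds the raw section size rather than the end of the last NUL-terminated string, an offset into an unterminated trailing string still passes and the returned pointer can be read past the section. Since the hunk itself gives no hint that the bound differs from `d_size`, document it at the check, e.g. `/* data_size is the NUL-terminated prefix of the section, not its raw size (see where string_section_size is computed). */`. If dwarf_formstring has other paths that derive a string-section offset (the DWARF 5 `DW_FORM_strx` family via `.debug_str_offsets`, say), they should presumably be bounded by the same `data_size` rather than `d_size`; that code is not visible here, so this is for the author to confirm. The enclosing offset-reading block begins and the function ends outside this hunk.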