authorAleksei Vetrov <[email protected]>2023-02-14 20:30:02 +0000
committerMark Wielaard <[email protected]>2023-02-17 00:18:53 +0100
commitfda09f5f188fb173b2123815be71ca4647a8adfb (patch)
treefc66ad4c3abae0765528e7b7bbb622882d4e9182 /libdw/dwarf_formstring.c
parent73e212b0a778c6dbe84f79b7eb2647dea50ea16f (diff)
libdw: check that DWARF strings are null-terminated
libdw is expected to return strings that are null-terminated, to avoid overflowing ELF data.

* Add calculation of a safe prefix inside string sections, where any string will be null-terminated.
* Check if offset overflows the safe prefix in dwarf_formstring.

Signed-off-by: Aleksei Vetrov <[email protected]>
Diffstat (limited to 'libdw/dwarf_formstring.c')
-rw-r--r--libdw/dwarf_formstring.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c
index c3e892a8..0ee42411 100644
--- a/libdw/dwarf_formstring.c
+++ b/libdw/dwarf_formstring.c
@@ -61,6 +61,9 @@ dwarf_formstring (Dwarf_Attribute *attrp)
Elf_Data *data = ((attrp->form == DW_FORM_line_strp)
? dbg_ret->sectiondata[IDX_debug_line_str]
: dbg_ret->sectiondata[IDX_debug_str]);
+ size_t data_size = ((attrp->form == DW_FORM_line_strp)
+ ? dbg_ret->string_section_size[STR_SCN_IDX_debug_line_str]
+ : dbg_ret->string_section_size[STR_SCN_IDX_debug_str]);
if (data == NULL)
{
__libdw_seterrno ((attrp->form == DW_FORM_line_strp)
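Review bot: `data_size` is taken from `string_section_size[...]` rather than from `data->d_size`, and nothing at the declaration says the two differ; going by the commit message it is the prefix of the section within which every string is null-terminated. A one-line comment at the declaration would stop a later reader from simplifying it back to `data->d_size`, for example `/* Safe prefix: any offset below this starts a null-terminated string. */`. The test `attrp->form == DW_FORM_line_strp` is now repeated for `data`, `data_size` and the error code, so a single local such as `bool line_str = attrp->form == DW_FORM_line_strp;` would keep the three selections in step. dwarf_formstring begins and ends outside this hunk.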
@@ -171,7 +174,7 @@ dwarf_formstring (Dwarf_Attribute *attrp)
else
off = read_8ubyte_unaligned (dbg, datap);
- if (off > dbg->sectiondata[IDX_debug_str]->d_size)
+ if (off >= data_size)
goto invalid_offset;
}
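Review bot: The new bound `off >= data_size` sits inside the block that closes on the hunk's last line, which from the `read_8ubyte_unaligned` context looks like the indexed-string branch only. If the DW_FORM_strp and DW_FORM_line_strp paths elsewhere in dwarf_formstring still validate the offset against the section's `d_size` rather than the null-terminated prefix, an offset into an unterminated tail of the section would still be handed back to callers as a C string; those branches are outside the hunk, so this needs checking against the full function. If that is the case, placing `if (off >= data_size) goto invalid_offset;` once after the form dispatch, just before the pointer is returned, would cover every form. A short comment at the check, `/* data_size excludes any unterminated tail, hence >= and not >. */`, would also record why the comparison changed.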