2005-08-01 Roland McGrath <[email protected]>

* dwarf_getaranges.c (dwarf_getaranges): Check for bogus offset. * dwarf_getabbrev.c (__libdw_getabbrev): Likewise.
author: Roland McGrath <[email protected]> 2005-08-02 01:24:01 +0000
committer: Roland McGrath <[email protected]> 2005-08-02 01:24:01 +0000
commit: a5a89687681ca81e82681b56612495c0d087829e (patch)
tree: 6f1fe82d9ef2f1cc864cfa4fdf84f240a448fa5b /libdw/dwarf_getaranges.c
parent: 83fcb48e54b31230235e7dcc1b21b446ba3f5cc4 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
index f7cf050f..d51ddaeb 100644
--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
@@ -106,6 +106,10 @@ dwarf_getaranges (dbg, aranges, naranges)
       else
 	offset = read_8ubyte_unaligned_inc (dbg, readp);
 
+      /* Sanity-check the offset.  */
+      if (offset + 4 > dbg->sectiondata[IDX_debug_info]->d_size)
+	goto invalid;
+
       unsigned int address_size = *readp++;
       if (address_size != 4 && address_size != 8)
 	goto invalid;
@@ -154,6 +158,11 @@ dwarf_getaranges (dbg, aranges, naranges)
 	    offset_size = 4;
 	  new_arange->arange.offset = offset + 3 * offset_size - 4 + 3;
 
+	  /* Sanity-check the data.  */
+	  if (new_arange->arange.offset
+	      >= dbg->sectiondata[IDX_debug_info]->d_size)
+	    goto invalid;
+
 	  new_arange->next = arangelist;
 	  arangelist = new_arange;
 	  ++narangelist;
author	Roland McGrath <[email protected]>	2005-08-02 01:24:01 +0000
committer	Roland McGrath <[email protected]>	2005-08-02 01:24:01 +0000
commit	a5a89687681ca81e82681b56612495c0d087829e (patch)
tree	6f1fe82d9ef2f1cc864cfa4fdf84f240a448fa5b /libdw/dwarf_getaranges.c
parent	83fcb48e54b31230235e7dcc1b21b446ba3f5cc4 (diff)