author | Mark Wielaard <[email protected]> | 2014-12-14 21:48:23 +0100 |
---|---|---|
committer | Mark Wielaard <[email protected]> | 2014-12-17 16:35:56 +0100 |
commit | 7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch) | |
tree | f98e9e7def17ec051170aaf663419628d84fae78 /libdw/dwarf_getattrs.c | |
parent | 9202665816763fad8524dd78a664dbcaa157b8d4 (diff) |
libdw: Add get_uleb128 and get_sleb128 bounds checking.
Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.
There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_valued don't have an end pointer associated yet.
They will have to be provided in the future.
Signed-off-by: Mark Wielaard <[email protected]>
Diffstat (limited to 'libdw/dwarf_getattrs.c')
-rw-r--r-- | libdw/dwarf_getattrs.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libdw/dwarf_getattrs.c b/libdw/dwarf_getattrs.c index 0c54e5d0..0da8b5ba 100644 --- a/libdw/dwarf_getattrs.c +++ b/libdw/dwarf_getattrs.c @@ -75,9 +75,10 @@ dwarf_getattrs (Dwarf_Die *die, int (*callback) (Dwarf_Attribute *, void *), Dwarf_Attribute attr; const unsigned char *remembered_attrp = attrp; - // XXX Fix bound checks - get_uleb128 (attr.code, attrp); - get_uleb128 (attr.form, attrp); + get_uleb128 (attr.code, attrp, endp); + if (unlikely (attrp >= endp)) + goto invalid_dwarf; + get_uleb128 (attr.form, attrp, endp); /* We can stop if we found the attribute with value zero. */ if (attr.code == 0 && attr.form == 0) |
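Review bot: the second read, `get_uleb128 (attr.form, attrp, endp);`, has no check after it in this hunk, so a form value that was cut short at endp goes straight into the `attr.code == 0 && attr.form == 0` test as if it had decoded completely. The `attrp >= endp` test added after the attr.code read only establishes that at least one byte is left for the form, not that the form's encoding ends inside the buffer. If the code after this hunk validates attrp against endp before the form is used, a one-line comment saying so would make that clear; otherwise the form read needs its own way to detect truncation and reach invalid_dwarf. The first read of attr.code likewise depends on attrp < endp on entry, which is not visible in these lines, and with the "XXX Fix bound checks" marker removed it would help to state where that is guaranteed.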