libdw: Add get_uleb128 and get_sleb128 bounds checking.

Both get_uleb128 and get_sleb128 now take an end pointer to prevent reading too much data. Adjust all callers to provide the end pointer. There are still two exceptions. "Raw" dwarf_getabbrevattr and read_encoded_valued don't have a end pointer associated yet. They will have to be provided in the future. Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2014-12-14 21:48:23 +0100
committer: Mark Wielaard <[email protected]> 2014-12-17 16:35:56 +0100
commit: 7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch)
tree: f98e9e7def17ec051170aaf663419628d84fae78 /libdw/dwarf_getmacros.c
parent: 9202665816763fad8524dd78a664dbcaa157b8d4 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/libdw/dwarf_getmacros.c b/libdw/dwarf_getmacros.c
index 848128e2..f9f29961 100644
--- a/libdw/dwarf_getmacros.c
+++ b/libdw/dwarf_getmacros.c
@@ -215,13 +215,16 @@ get_table_for_offset (Dwarf *dbg, Dwarf_Word macoff,
 	  unsigned opcode = *readp++;
 
 	  Dwarf_Macro_Op_Proto e;
-	  get_uleb128 (e.nforms, readp); // XXX checking
+	  if (readp >= endp)
+	    goto invalid;
+	  get_uleb128 (e.nforms, readp, endp);
 	  e.forms = readp;
 	  op_protos[opcode - 1] = e;
 
 	  readp += e.nforms;
 	  if (readp > endp)
 	    {
+	    invalid:
 	      __libdw_seterrno (DWARF_E_INVALID_DWARF);
 	      return NULL;
 	    }
author	Mark Wielaard <[email protected]>	2014-12-14 21:48:23 +0100
committer	Mark Wielaard <[email protected]>	2014-12-17 16:35:56 +0100
commit	7a053473c7bedd22e3db39c444a4cd8f97eace25 (patch)
tree	f98e9e7def17ec051170aaf663419628d84fae78 /libdw/dwarf_getmacros.c
parent	9202665816763fad8524dd78a664dbcaa157b8d4 (diff)