readelf: Check TType base offset and Action table are sane in exception table.

Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2014-12-11 18:26:09 +0100
committer: Mark Wielaard <[email protected]> 2014-12-15 10:06:45 +0100
commit: ee5693b9dbc9836df7fd9ca9e988464f43a55312 (patch)
tree: 5bb788476c6fbc3a6307bcca2cff22ca33069325 /src/readelf.c
parent: cd33929347b975cbeb286e2e68cf7775703ab7b2 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/src/readelf.c b/src/readelf.c
index 31a0e0a9..b62e778f 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -7710,7 +7710,8 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
       unsigned int ttype_base_offset;
       get_uleb128 (ttype_base_offset, readp);
       printf (" TType base offset:   %#x\n", ttype_base_offset);
-      ttype_base = readp + ttype_base_offset;
+      if ((size_t) (dataend - readp) > ttype_base_offset)
+        ttype_base = readp + ttype_base_offset;
     }
 
   if (unlikely (readp + 1 > dataend))
@@ -7757,6 +7758,12 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
     {
       puts ("\n Action table:");
 
+      if ((size_t) (dataend - action_table) < max_action + 1)
+	{
+	  fputs (gettext ("   <INVALID DATA>\n"), stdout);
+	  return;
+	}
+
       const unsigned char *const action_table_end
 	= action_table + max_action + 1;
 
@@ -7784,7 +7791,7 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
       while (readp < action_table_end);
     }
 
-  if (max_ar_filter > 0)
+  if (max_ar_filter > 0 && ttype_base != NULL)
     {
       puts ("\n TType table:");
author	Mark Wielaard <[email protected]>	2014-12-11 18:26:09 +0100
committer	Mark Wielaard <[email protected]>	2014-12-15 10:06:45 +0100
commit	ee5693b9dbc9836df7fd9ca9e988464f43a55312 (patch)
tree	5bb788476c6fbc3a6307bcca2cff22ca33069325 /src/readelf.c
parent	cd33929347b975cbeb286e2e68cf7775703ab7b2 (diff)