| author | Mark Wielaard <[email protected]> | 2015-04-22 11:44:32 +0200 |
|---|---|---|
| committer | Mark Wielaard <[email protected]> | 2015-04-28 13:57:29 +0200 |
| commit | f333a1c240d4236d6215c00dd5d88d79893cc350 (patch) | |
| tree | 3797e0933bb3ec1a187777476ace5789ff1ee9f2 /src | |
| parent | 9b5f79511717cc26233dd06dd8dab148498db307 (diff) | |
readelf: Check all offsets used in print_gdb_index_section against d_size.
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c29
Signed-off-by: Mark Wielaard <[email protected]>
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/readelf.c | 15 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index e92f1158..40a0e6f9 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2015-03-22  Mark Wielaard  <[email protected]>
+
+	* readelf.c (print_gdb_index_section): Check all offsets used
+	against section d_size.
+
 2015-03-17  Mark Wielaard  <[email protected]>
 
 	* readelf.c (print_debug): Don't return, but always use dummy_dbg.
diff --git a/src/readelf.c b/src/readelf.c
index 7f84edaf..26c7eedb 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8015,11 +8015,12 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 	    < const_off))
     goto invalid_data;
 
-  const unsigned char *const_start = data->d_buf + const_off;
-
   readp = data->d_buf + cu_off;
   const unsigned char *nextp = data->d_buf + tu_off;
+  if (tu_off >= data->d_size)
+    goto invalid_data;
+
   size_t cu_nr = (nextp - readp) / 16;
 
   printf (gettext ("\n CU list at offset %#" PRIx32
@@ -8042,6 +8043,9 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 
   readp = data->d_buf + tu_off;
   nextp = data->d_buf + addr_off;
+  if (addr_off >= data->d_size)
+    goto invalid_data;
+
   size_t tu_nr = (nextp - readp) / 24;
 
   printf (gettext ("\n TU list at offset %#" PRIx32
@@ -8068,6 +8072,9 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 
   readp = data->d_buf + addr_off;
   nextp = data->d_buf + sym_off;
+  if (sym_off >= data->d_size)
+    goto invalid_data;
+
   size_t addr_nr = (nextp - readp) / 20;
 
   printf (gettext ("\n Address list at offset %#" PRIx32
@@ -8095,6 +8102,10 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
       n++;
     }
 
+  const unsigned char *const_start = data->d_buf + const_off;
+  if (const_off >= data->d_size)
+    goto invalid_data;
+
   readp = data->d_buf + sym_off;
   nextp = const_start;
   size_t sym_nr = (nextp - readp) / 8;
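Review bot: In the first readelf.c hunk the new `tu_off >= data->d_size` check sits one line after `nextp = data->d_buf + tu_off` has already been computed, so a hostile offset is first turned into a pointer past the end of the section buffer and only then rejected; forming such a pointer is undefined behaviour in C even when it is never dereferenced. Moving the guard up one line fixes that: `if (tu_off >= data->d_size) goto invalid_data;` immediately before the `nextp` initialiser, and the same reordering applies to the addr_off and sym_off checks in the next two hunks, which follow the same pattern. The `>=` comparison also rejects an offset exactly equal to d_size, which would describe an empty trailing list; that is the safe direction, but a short comment saying it is intentional would help the next reader. Whether cu_off itself is bounded depends on the ordering test visible only as `< const_off))` above the hunk, which I cannot see in full. print_gdb_index_section begins and ends outside this hunk.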
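Review bot: In the last readelf.c hunk `const_start` is initialised from `const_off` on the line before the new `const_off >= data->d_size` check, the same order as in the earlier hunks, so the out-of-bounds pointer is formed before it is rejected; swapping the two lines so the check precedes `const unsigned char *const_start = data->d_buf + const_off;` keeps the arithmetic inside the buffer. This check bounds only the start of the constant pool: the entries consumed by the `sym_nr` loop that follows presumably carry their own offsets into that pool, and if those are dereferenced further down they still need a check against `data->d_size - const_off`, which nothing in this commit provides. The symbol loop and the rest of print_gdb_index_section lie outside the hunk, so that part is inferred from the `nextp = const_start` line rather than seen.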
