author: Mark Wielaard <[email protected]> 2018-06-08 14:04:40 +0200
committer: Mark Wielaard <[email protected]> 2018-06-10 17:02:22 +0200
commit: 7e30fb282d32fe3e082f66c936db4b2988c290dc
tree: d84c685f4088247d5d3d8c87a76f1c54f6190f29 /src
parent: c5fdb8e5e0be9a507766a58f3c27c57703f369a9
readelf, libdw: Handle too many directories or files in the line table better.
The afl fuzzer found that we handle "too many" directories or files in the (DWARF5 style) line table badly. In the case of eu-readelf we would print an endless stream of "bad directory" or "bad file". Just stop printing when the end of data is reached.

In the case of dwarf_getsrclines we would allocate a giant amount of memory, even if there was no data to actually read in. Sanity check that the directory and file counts seem reasonable compared to the amount of data left (assume we need at least 1 byte of data per form describing the dirs or files).

Signed-off-by: Mark Wielaard <[email protected]>
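The two failure modes the commit message describes (readelf looping over entries after the data has run out, and libdw sizing an allocation from an attacker-controlled count) both come down to checking a DWARF5 directory/file table's entry count against the bytes that actually remain. The following is an added example, written for this page and not code from elfutils: it parses the table prefix (format count, content-type/form pairs, entry count) and applies the "at least one byte per form per entry" rule before any allocation happens. The helper `read_uleb128`, the function `table_entry_count`, and the sample byte strings are all constructed for the example; the DW_LNCT_* and DW_FORM_* values in the comments are the standard DWARF5 encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Decode an unsigned LEB128 value from [*p, end).  Returns 0 and advances
   *p on success, -1 if the encoding runs past end.  (Hypothetical helper
   for this example, not libdw's.) */
static int read_uleb128 (const unsigned char **p, const unsigned char *end,
                         uint64_t *out)
{
  uint64_t result = 0;
  unsigned shift = 0;
  while (*p < end)
    {
      unsigned char byte = *(*p)++;
      if (shift < 64)
        result |= (uint64_t) (byte & 0x7f) << shift;
      shift += 7;
      if ((byte & 0x80) == 0)
        {
          *out = result;
          return 0;
        }
    }
  return -1;
}

/* Parse the prefix of a DWARF5 directory or file table:
     entry_format_count (ubyte)
     entry_format_count pairs of (content type uleb128, form uleb128)
     entry count (uleb128)
   Returns the number of entries it is plausible to allocate for, or -1 when
   the header is truncated or the count cannot be backed by the bytes that
   remain.  Plausibility rule, as described in the commit message: every
   entry needs at least one byte per form, so count * format_count must not
   exceed the remaining bytes.  Written as a division so it cannot overflow. */
long long table_entry_count (const unsigned char *data, size_t len)
{
  const unsigned char *p = data;
  const unsigned char *end = data + len;

  if (p >= end)
    return -1;
  unsigned format_count = *p++;

  for (unsigned i = 0; i < format_count; i++)
    {
      uint64_t content_type, form;
      if (read_uleb128 (&p, end, &content_type) != 0
          || read_uleb128 (&p, end, &form) != 0)
        return -1;                      /* format list itself is truncated */
    }

  uint64_t count;
  if (read_uleb128 (&p, end, &count) != 0)
    return -1;

  size_t remaining = (size_t) (end - p);
  if (format_count == 0)
    /* Entries with no forms carry no data, so the rule above cannot bound
       the count.  This example (a choice made here, not a DWARF rule) only
       accepts an empty table in that case. */
    return count == 0 ? 0 : -1;

  if (count > remaining / format_count)
    return -1;          /* e.g. count 0xffffffff with zero bytes left */

  return (long long) count;
}

/* Constructed sample tables (not taken from any real object file).
   Content type 1 = DW_LNCT_path, form 0x08 = DW_FORM_string;
   content type 2 = DW_LNCT_directory_index, form 0x0b = DW_FORM_data1. */
const unsigned char sample_valid[] =
  { 0x01, 0x01, 0x08, 0x02, 'a', 0, 'b', 0 };           /* 2 entries, 4 bytes */
const unsigned char sample_huge_count[] =
  { 0x01, 0x01, 0x08, 0xff, 0xff, 0xff, 0xff, 0x0f };   /* count 2^32-1, 0 bytes */
const unsigned char sample_truncated[] =
  { 0x01, 0x01 };                                       /* form byte missing */
const unsigned char sample_two_forms_short[] =
  { 0x02, 0x01, 0x08, 0x02, 0x0b, 0x03, 'a', 0, 0, 'b', 0 }; /* 3 entries, 5 bytes */
const unsigned char sample_empty[] = { 0x00, 0x00 };    /* no forms, no entries */

int main (void)
{
  const struct { const char *name; const unsigned char *d; size_t n; } cases[] =
    {
      { "valid", sample_valid, sizeof sample_valid },
      { "huge count", sample_huge_count, sizeof sample_huge_count },
      { "truncated", sample_truncated, sizeof sample_truncated },
      { "two forms, short", sample_two_forms_short, sizeof sample_two_forms_short },
      { "empty", sample_empty, sizeof sample_empty },
    };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    {
      long long n = table_entry_count (cases[i].d, cases[i].n);
      if (n < 0)
        printf ("%s: rejected before allocating\n", cases[i].name);
      else
        {
          /* Only now is it safe to size an allocation by the count. */
          void *entries = calloc ((size_t) n, sizeof (void *));
          printf ("%s: %lld entries, alloc %s\n", cases[i].name, n,
                  (entries != NULL || n == 0) ? "ok" : "failed");
          free (entries);
        }
    }
  return 0;
}
```

The check is deliberately loose: it rejects only counts that cannot possibly be backed by the remaining bytes, so a table with legitimately large entries still passes, while the fuzzer's case (a huge count followed by no data) is refused before `calloc` sees the count. A caller that loops over the returned count still has to stop when it reaches the end of the data, which is what the readelf hunks below do.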
Diffstat (limited to 'src')
 src/ChangeLog | 5 +++++
 src/readelf.c | 4 ++++
 2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 778238e2..ca1917a2 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2018-06-08 Mark Wielaard <[email protected]>
+
+ * readelf.c (print_debug_line_section): Stop printing directories
+ and files when we are at the end of the unit data.
+
2018-06-07 Mark Wielaard <[email protected]>
* readelf.c (format_result): Removed.
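Review bot: the ChangeLog entry only records the readelf.c change; the dwarf_getsrclines sanity check that the commit message describes lives under libdw and is outside this src-limited diff, so a reader of src/ChangeLog gets no pointer to the second half of the fix. A short cross-reference to the matching libdw/ChangeLog entry would make the two halves easy to find together.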
diff --git a/src/readelf.c b/src/readelf.c
index f9514a1d..af78f17e 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8294,6 +8294,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
printf (", ");
}
printf ("\n");
+ if (linep >= lineendp)
+ goto invalid_unit;
}
}
else
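Review bot: the new `if (linep >= lineendp) goto invalid_unit;` sits at the end of the loop body, so it only fires after a whole directory entry has already been decoded and printed; the per-form reads above it are outside this hunk, and if they do not bound themselves against lineendp, one over-long entry is still read past the end before the loop stops. Unless those reads are already bounded, consider also testing `linep >= lineendp` at the top of the loop body so no entry is decoded from exhausted data. As written the change does stop the endless "bad directory" stream the commit message describes, since the next iteration cannot start once the data is gone.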
@@ -8370,6 +8372,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
printf (", ");
}
printf ("\n");
+ if (linep >= lineendp)
+ goto invalid_unit;
}
}
else
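Review bot: the file-table hunk reuses the directory loop's `linep >= lineendp` test, but here equality may be legitimate: the file table is the last part of the line-table header, so a unit whose line-number program is empty ends exactly at lineendp after its last file entry and would now be reported as an invalid unit. Worth confirming whether `>` (or a test that only fires when another file entry is still expected) is the intended condition in this loop; in the directory loop `>=` is right because the file-entry format must still follow.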