From 7a053473c7bedd22e3db39c444a4cd8f97eace25 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Sun, 14 Dec 2014 21:48:23 +0100
Subject: libdw: Add get_uleb128 and get_sleb128 bounds checking.

Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.

There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_valued don't have a end pointer associated yet.
They will have to be provided in the future.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libdw/encoded-value.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'libdw/encoded-value.h')

diff --git a/libdw/encoded-value.h b/libdw/encoded-value.h
index 4b59f62f..ae9a38f9 100644
--- a/libdw/encoded-value.h
+++ b/libdw/encoded-value.h
@@ -1,5 +1,5 @@
 /* DW_EH_PE_* support for libdw unwinder.
-   Copyright (C) 2009-2010 Red Hat, Inc.
+   Copyright (C) 2009-2010, 2014 Red Hat, Inc.
    This file is part of elfutils.
 
    This file is free software; you can redistribute it and/or modify
@@ -163,11 +163,13 @@ read_encoded_value (const Dwarf_CFI *cache, uint8_t encoding, const uint8_t **p,
       break;
 
     case DW_EH_PE_uleb128:
-      get_uleb128 (value, *p);
+      // XXX we trust there is enough data.
+      get_uleb128 (value, *p, *p + len_leb128 (Dwarf_Addr));
       break;
 
     case DW_EH_PE_sleb128:
-      get_sleb128 (value, *p);
+      // XXX we trust there is enough data.
+      get_sleb128 (value, *p, *p + len_leb128 (Dwarf_Addr));
       break;
 
     default:
-- 
cgit v1.2.3