readelf: Add more bounds checks to print_gdb_index_section.

Signed-off-by: Mark Wielaard <mjw@redhat.com>

diff --git a/src/ChangeLog b/src/ChangeLog
index eaf60f0a11f2fa69d0ef116f0c186a5d46aba2bd..2cf953e680e125c1934a7e990f10a850c16c8452 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2014-12-15  Mark Wielaard  <mjw@redhat.com>
+
+       * readelf.c (print_gdb_index_section): Add more bounds checks.
+
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
        * readelf.c (print_debug_line_section): Check there is enough room

diff --git a/src/readelf.c b/src/readelf.c
index cd8ba869fe04534c63e9a95f6d3d9f4a7b943b0a..41239bcade5189abaa60600407cadb83c1bed36a 100644 (file)
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8048,21 +8048,23 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
       if (name != 0 || vector != 0)
        {
          const unsigned char *sym = data->d_buf + const_off + name;
-         if (unlikely (sym > dataend))
+         if (unlikely (sym > dataend
+                       || memchr (sym, '\0', dataend - sym) == NULL))
            goto invalid_data;
 
          printf (" [%4zu] symbol: %s, CUs: ", n, sym);
 
          const unsigned char *readcus = data->d_buf + const_off + vector;
-         if (unlikely (readcus + 8 > dataend))
+         if (unlikely (readcus + 4 > dataend))
            goto invalid_data;
-
          uint32_t cus = read_4ubyte_unaligned (dbg, readcus);
          while (cus--)
            {
              uint32_t cu_kind, cu, kind;
              bool is_static;
              readcus += 4;
+             if (unlikely (readcus + 4 > dataend))
+               goto invalid_data;
              cu_kind = read_4ubyte_unaligned (dbg, readcus);
              cu = cu_kind & ((1 << 24) - 1);
              kind = (cu_kind >> 28) & 7;