libdwfl: Fix overflow check in link_map.c read_addrs
authorMark Wielaard <mark@klomp.org>
Thu, 6 Jan 2022 15:44:56 +0000 (16:44 +0100)
committerMark Wielaard <mark@klomp.org>
Thu, 6 Jan 2022 15:44:56 +0000 (16:44 +0100)
The buffer_available overflow check wasn't complete. Also check nb
isn't too big.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>
libdwfl/ChangeLog
libdwfl/link_map.c

index 149383ad0bb37949584070dcfdd483e3b430b6d1..f8319f44c625000216eab97d2a3e0527a61c7d4c 100644 (file)
@@ -1,3 +1,7 @@
+2022-01-03  Mark Wielaard  <mark@klomp.org>
+
+       * link_map.c (read_addrs): Fix buffer_available nb overflow.
+
 2021-12-23  Mark Wielaard  <mark@klomp.org>
 
        * link_map.c (read_addrs): Calculate addr to read by hand.
index cd9c5042293d311a1886e738a11d40aaa5333be8..99222bb99dce0b0dac753b1e8b167718224459af 100644 (file)
@@ -257,7 +257,8 @@ read_addrs (struct memory_closure *closure,
   /* Read a new buffer if the old one doesn't cover these words.  */
   if (*buffer == NULL
       || vaddr < *read_vaddr
-      || vaddr - (*read_vaddr) + nb > *buffer_available)
+      || nb > *buffer_available
+      || vaddr - (*read_vaddr) > *buffer_available - nb)
     {
       release_buffer (closure, buffer, buffer_available, 0);