+2014-12-11 Mark Wielaard <mjw@redhat.com>
+
+ * readelf.c (print_debug_exception_table): Check TType base offset
+ and Action table are sane.
+
2014-12-11 Mark Wielaard <mjw@redhat.com>
* readelf.c (print_debug_frame_section): Check number of augmentation
unsigned int ttype_base_offset;
get_uleb128 (ttype_base_offset, readp);
printf (" TType base offset: %#x\n", ttype_base_offset);
- ttype_base = readp + ttype_base_offset;
+ if ((size_t) (dataend - readp) > ttype_base_offset)
+ ttype_base = readp + ttype_base_offset;
}
if (unlikely (readp + 1 > dataend))
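Review bot: The new check `if ((size_t) (dataend - readp) > ttype_base_offset)` assumes readp is still at or before dataend, but get_uleb128 on the line above advances readp with no limit visible in this hunk. If a truncated table lets readp pass dataend, the pointer difference is negative, the size_t cast makes it a very large value, and the check passes with ttype_base pointing outside the section. Guarding the subtraction closes that: `if (readp <= dataend && (size_t) (dataend - readp) > ttype_base_offset)`; the existing `readp + 1 > dataend` test only runs afterwards. When the check fails, ttype_base keeps its earlier value, so the later `ttype_base != NULL` test relies on an initialisation to NULL that is outside this hunk, and the TType table is then dropped without any message. A comment such as `/* Out-of-range offset: leave ttype_base NULL so the TType table is skipped. */` would record that intent; the enclosing function starts and ends outside the hunk.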
{
puts ("\n Action table:");
+ if ((size_t) (dataend - action_table) < max_action + 1)
+ {
+ fputs (gettext (" <INVALID DATA>\n"), stdout);
+ return;
+ }
+
const unsigned char *const action_table_end
= action_table + max_action + 1;
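Review bot: The added guard evaluates `max_action + 1` before comparing, and if max_action is a 32-bit unsigned value (its declaration is outside this hunk) the sum wraps to 0 at the maximum, so the check would accept an oversized table. Writing the comparison without the addition avoids the wrap: `if ((size_t) (dataend - action_table) <= max_action)`. The size_t cast also assumes action_table does not lie beyond dataend, which the visible lines do not establish; putting `action_table > dataend ||` in front of the comparison would cover that case. The loop that consumes the table begins outside this hunk, so whether each read inside it is also bounded cannot be confirmed from here.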
while (readp < action_table_end);
}
- if (max_ar_filter > 0)
+ if (max_ar_filter > 0 && ttype_base != NULL)
{
puts ("\n TType table:");