]> git.ipfire.org Git - thirdparty/elfutils.git/commitdiff
projects / thirdparty / elfutils.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a8a9e3)
readelf,libdw: Correct .debug_line overflow check for unit_length.
authorMark Wielaard <mjw@redhat.com>
Tue, 16 Dec 2014 15:10:28 +0000 (16:10 +0100)
committerMark Wielaard <mjw@redhat.com>
Wed, 17 Dec 2014 15:48:36 +0000 (16:48 +0100)
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw/ChangeLog patch | blob | blame | history
libdw/dwarf_getsrclines.c patch | blob | blame | history
src/ChangeLog patch | blob | blame | history
src/readelf.c patch | blob | blame | history

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index f1f7b1d16b21312d32ad8b62627ad1f0866ca1e8..0592220d62d8c5f46fe90ed2ab058b94e70f46d3 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-16  Mark Wielaard  <mjw@redhat.com>
+
+       * dwarf_getsrclines.c (read_srclines): Correct overflow check for
+       unit_length.
+
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
        * dwarf_getpubnames.c (get_offsets): Make sure whole unit fall inside
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index d50a17d52a4dff354b9d172256619e2b7f146fb5..d477944669779a02f7b0b2fd04b615a9293d9d98 100644 (file)
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -113,8 +113,8 @@ read_srclines (Dwarf *dbg,
     }
 
   /* Check whether we have enough room in the section.  */
-  if (unit_length < 2 + length + 5 * 1
-      || unlikely (linep + unit_length > lineendp))
+  if (unlikely (unit_length > (size_t) (lineendp - linep)
+      || unit_length < 2 + length + 5 * 1))
     goto invalid_data;
   lineendp = linep + unit_length;
 
diff --git a/src/ChangeLog b/src/ChangeLog
index f401c3539cdff8b40c5a4ca98fa665f6fe43dbd3..112af1916dd83665f9cd10c31527409a22f08549 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-16  Mark Wielaard  <mjw@redhat.com>
+
+       * readelf.c (print_debug_line_section): Correct overflow check for
+       unit_length.
+
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
        * readelf.c (notice_listptr): Return false if offset doesn't fit
diff --git a/src/readelf.c b/src/readelf.c
index e9a356d1f3921db503bb110b8feb1c02e88a8bb3..3c686d5c43895313f79b446da9e640cfb07f3944 100644 (file)
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -6357,8 +6357,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
        }
 
       /* Check whether we have enough room in the section.  */
-      if (unit_length < 2 + length + 5 * 1
-         || unlikely (linep + unit_length > lineendp))
+      if (unlikely (unit_length > (size_t) (lineendp - linep)
+         || unit_length < 2 + length + 5 * 1))
        goto invalid_data;
       lineendp = linep + unit_length;
 
Mirror of https://sourceware.org/git/elfutils.git