From: Mark Wielaard <mjw@redhat.com>
Date: Mon, 24 Nov 2014 20:54:42 +0000 (+0100)
Subject: readelf, libdw: Guard against divide by zero line_range in .debug_line.
X-Git-Tag: elfutils-0.161~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=020fc02c554226a914e9dd17394236eabe3f03d3;p=thirdparty%2Felfutils.git

readelf, libdw: Guard against divide by zero line_range in .debug_line.

For DW_LNS_const_add_pc and special opcodes don't accept line_range
being zero.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 19d6689cb..37f94df10 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-24  Mark Wielaard  <mjw@redhat.com>
+
+	* dwarf_getsrclines.c (read_srclines): Check line_range is not zero
+	before usage.
+
 2014-11-23  Mark Wielaard  <mjw@redhat.com>
 
 	* dwarf_attr.c (dwarf_attr): Check __libdw_find_attr return value.
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 15881e8ea..d50374852 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -365,6 +365,9 @@ read_srclines (Dwarf *dbg,
       /* Is this a special opcode?  */
       if (likely (opcode >= opcode_base))
 	{
+	  if (unlikely (line_range == 0))
+	    goto invalid_data;
+
 	  /* Yes.  Handling this is quite easy since the opcode value
 	     is computed with
 
@@ -576,6 +579,9 @@ read_srclines (Dwarf *dbg,
 	      if (unlikely (standard_opcode_lengths[opcode] != 0))
 		goto invalid_data;
 
+	      if (unlikely (line_range == 0))
+		goto invalid_data;
+
 	      advance_pc ((255 - opcode_base) / line_range);
 	      break;
 
diff --git a/src/ChangeLog b/src/ChangeLog
index 19509dc6d..0082e651b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-24  Mark Wielaard  <mjw@redhat.com>
+
+	* readelf.c (print_debug_line_section): Check line_range is not zero
+	before usage.
+
 2014-11-23  Mark Wielaard  <mjw@redhat.com>
 
 	* readelf.c (print_debug_aranges_section): Check length to catch
diff --git a/src/readelf.c b/src/readelf.c
index c3ebe7431..00986d1ec 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -6507,6 +6507,9 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 	  /* Is this a special opcode?  */
 	  if (likely (opcode >= opcode_base))
 	    {
+	      if (unlikely (line_range == 0))
+		goto invalid_unit;
+
 	      /* Yes.  Handling this is quite easy since the opcode value
 		 is computed with
 
@@ -6682,6 +6685,10 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 
 		case DW_LNS_const_add_pc:
 		  /* Takes no argument.  */
+
+		  if (unlikely (line_range == 0))
+		    goto invalid_unit;
+
 		  advance_pc ((255 - opcode_base) / line_range);
 		  {
 		    char *a = format_dwarf_addr (dwflmod, 0, address, address);