From: Mark Wielaard
Date: Mon, 15 Dec 2014 14:34:59 +0000 (+0100)
Subject: readelf: Add more bounds checks to print_gdb_index_section.
X-Git-Tag: elfutils-0.161~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2323b45d4ee0c4ff6604b60ee3fca5874c149e18;p=thirdparty%2Felfutils.git
readelf: Add more bounds checks to print_gdb_index_section.
Signed-off-by: Mark Wielaard
---
diff --git a/src/ChangeLog b/src/ChangeLog
index eaf60f0a1..2cf953e68 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2014-12-15 Mark Wielaard
+
+ * readelf.c (print_gdb_index_section): Add more bounds checks.
+
 2014-12-15 Mark Wielaard
 * readelf.c (print_debug_line_section): Check there is enough room
diff --git a/src/readelf.c b/src/readelf.c
index cd8ba869f..41239bcad 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8048,21 +8048,23 @@ print_gdb_index_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 if (name != 0 || vector != 0)
 {
 const unsigned char *sym = data->d_buf + const_off + name;
- if (unlikely (sym > dataend))
+ if (unlikely (sym > dataend
+ || memchr (sym, '\0', dataend - sym) == NULL))
 goto invalid_data;
 printf (" [%4zu] symbol: %s, CUs: ", n, sym);
 const unsigned char *readcus = data->d_buf + const_off + vector;
- if (unlikely (readcus + 8 > dataend))
+ if (unlikely (readcus + 4 > dataend))
 goto invalid_data;
-
 uint32_t cus = read_4ubyte_unaligned (dbg, readcus);
 while (cus--)
 {
 uint32_t cu_kind, cu, kind;
 bool is_static;
 readcus += 4;
+ if (unlikely (readcus + 4 > dataend))
+ goto invalid_data;
 cu_kind = read_4ubyte_unaligned (dbg, readcus);
 cu = cu_kind & ((1 << 24) - 1);
 kind = (cu_kind >> 28) & 7;
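Review bot: The new checks in the readelf.c hunk still compare computed pointers (`sym > dataend`, `readcus + 4 > dataend`), so they hold only if `data->d_buf + const_off + name` and `data->d_buf + const_off + vector` cannot wrap or land below `d_buf`; with file-supplied offsets on a 32-bit host that is not guaranteed, and forming the out-of-range pointer is already undefined behaviour. Validating the offsets before the pointers are formed would be sturdier, e.g. `if (unlikely (name >= data->d_size - const_off)) goto invalid_data;` (assuming `const_off <= data->d_size` is established earlier, which this hunk does not show), and writing the length tests as `dataend - readcus < 4`. The same applies to the per-entry check added after `readcus += 4;` inside the `while (cus--)` loop. print_gdb_index_section starts and ends outside this hunk, so the types of `name`, `vector` and `const_off` are inferred here.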