From: Mark Wielaard
Date: Thu, 11 Dec 2014 16:21:22 +0000 (+0100)
Subject: readelf: Don't print more augmentation characters than there are.
X-Git-Tag: elfutils-0.161~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cd33929347b975cbeb286e2e68cf7775703ab7b2;p=thirdparty%2Felfutils.git

readelf: Don't print more augmentation characters than there are.

Signed-off-by: Mark Wielaard
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 76244c59a..b24daffbb 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-11 Mark Wielaard
+
+ * readelf.c (print_debug_frame_section): Check number of augmentation
+ chars to print.
+
 2014-12-09 Mark Wielaard
 
 * readelf.c (handle_file_note): Check count fits data section and
diff --git a/src/readelf.c b/src/readelf.c
index c6d10f7bd..31a0e0a94 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -5490,7 +5490,7 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 unsigned int augmentationlen;
 get_uleb128 (augmentationlen, readp);
 
- if (augmentationlen > (size_t) (dataend - readp))
+ if (augmentationlen > (size_t) (cieend - readp))
 {
 error (0, 0, gettext ("invalid augmentation length"));
 readp = cieend;
@@ -5499,7 +5499,7 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 
 const char *hdr = "Augmentation data:";
 const char *cp = augmentation + 1;
- while (*cp != '\0')
+ while (*cp != '\0' && cp < augmentation + augmentationlen + 1)
 {
 printf (" %-26s%#x ", hdr, *readp);
 hdr = "";
@@ -5655,7 +5655,8 @@ print_debug_frame_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 const char *hdr = "Augmentation data:";
 const char *cp = cie->augmentation + 1;
 unsigned int u = 0;
- while (*cp != '\0')
+ while (*cp != '\0'
+ && cp < cie->augmentation + augmentationlen + 1)
 {
 if (*cp == 'L')
 {
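Review bot: The new bound `(size_t) (cieend - readp)` in the first readelf.c hunk still assumes `readp <= cieend`. The `get_uleb128 (augmentationlen, readp)` call just above takes no end pointer, so on a truncated CIE it may be able to advance `readp` past `cieend`; the difference is then negative, the cast turns it into a very large value, and the check accepts any length. Guarding the subtraction closes that: `if (readp > cieend || augmentationlen > (size_t) (cieend - readp))`. The enclosing block starts and ends outside the hunk, so confirm whether an earlier check already guarantees `readp <= cieend`.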
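Review bot: The guard added to the CIE loop in the second readelf.c hunk limits the number of augmentation characters, not the number of data bytes, while the first statement of the body already dereferences `*readp`. If any branch of the loop body (outside this hunk) consumes more than one byte per character, `readp` can leave the `augmentationlen` bytes while the character count is still under the limit. A byte-based bound would be tighter: record the end before the loop as `readp + augmentationlen` and test it in the condition, `while (*cp != '\0' && readp < augdata_end)`, where `augdata_end` is a name chosen here for that saved pointer.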
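Review bot: The limit `cie->augmentation + augmentationlen + 1` in the last hunk is a pointer computed from a length read from the file. Nothing in this hunk shows `augmentationlen` being checked against the remaining data on this path, the way the first readelf.c hunk does for the CIE. If it is not, the limit can point outside the buffer, and forming such a pointer is undefined behaviour before the comparison is even made. Comparing offsets keeps the same bound without it: `&& (size_t) (cp - cie->augmentation) <= augmentationlen)`. The block starts outside the hunk, so check whether the length is validated there.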