From 0c1df732822d83548edd0d005f3450281ed1701b Mon Sep 17 00:00:00 2001
From: Petr Machata <pmachata@redhat.com>
Date: Wed, 6 May 2009 16:25:09 +0200
Subject: [PATCH] __libdw_read_offset* take extra argument for header size
 checks

* also presence of debug data and buffer is checked in __libdw_in_section
---
 libdw/dwarf_formref_die.c |  5 ++---
 libdw/dwarf_formstring.c  |  2 +-
 libdw/dwarf_formudata.c   |  2 +-
 libdw/dwarf_getaranges.c  |  2 +-
 libdw/dwarf_getpubnames.c |  7 +------
 libdw/dwarf_nextcu.c      |  4 ++--
 libdw/libdwP.h            | 28 ++++++++++++++++++++--------
 7 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/libdw/dwarf_formref_die.c b/libdw/dwarf_formref_die.c
index a6ef7e48a..a004a0fd4 100644
--- a/libdw/dwarf_formref_die.c
+++ b/libdw/dwarf_formref_die.c
@@ -72,9 +72,8 @@ dwarf_formref_die (attr, die_mem)
 			  ? attr->cu->address_size
 			  : attr->cu->offset_size);
 
-      if (__libdw_read_offset (attr->cu->dbg,
-			       IDX_debug_info, attr->valp,
-			       ref_size, &offset, IDX_debug_info))
+      if (__libdw_read_offset (attr->cu->dbg, IDX_debug_info, attr->valp,
+			       ref_size, &offset, IDX_debug_info, 0))
 	return NULL;
     }
   else
diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c
index f960f51d2..f95d31b82 100644
--- a/libdw/dwarf_formstring.c
+++ b/libdw/dwarf_formstring.c
@@ -80,7 +80,7 @@ dwarf_formstring (attrp)
 
   uint64_t off;
   if (__libdw_read_offset (dbg, IDX_debug_info, attrp->valp,
-			   attrp->cu->offset_size, &off, IDX_debug_str))
+			   attrp->cu->offset_size, &off, IDX_debug_str, 1))
     return NULL;
 
   return (const char *) dbg->sectiondata[IDX_debug_str]->d_buf + off;
diff --git a/libdw/dwarf_formudata.c b/libdw/dwarf_formudata.c
index 352888513..04f04aae8 100644
--- a/libdw/dwarf_formudata.c
+++ b/libdw/dwarf_formudata.c
@@ -77,7 +77,7 @@ __libdw_formptr (Dwarf_Attribute *attr, int sec_index,
     case DW_FORM_data8:
       if (__libdw_read_offset (attr->cu->dbg, IDX_debug_info, attr->valp,
 			       attr->form == DW_FORM_data4 ? 4 : 8,
-			       &offset, sec_index))
+			       &offset, sec_index, 0))
 	return NULL;
       break;
 
diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
index 7aeb293b7..74f04ea57 100644
--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
@@ -151,7 +151,7 @@ dwarf_getaranges (dbg, aranges, naranges)
       Dwarf_Word offset;
       if (__libdw_read_offset_inc (dbg,
 				   IDX_debug_aranges, (unsigned char **)&readp,
-				   length_bytes, &offset, IDX_debug_info))
+				   length_bytes, &offset, IDX_debug_info, 4))
 	return -1;
 
       unsigned int address_size = *readp++;
diff --git a/libdw/dwarf_getpubnames.c b/libdw/dwarf_getpubnames.c
index c16f68384..5560a7588 100644
--- a/libdw/dwarf_getpubnames.c
+++ b/libdw/dwarf_getpubnames.c
@@ -102,7 +102,6 @@ get_offsets (Dwarf *dbg)
       else if (unlikely (len >= DWARF3_LENGTH_MIN_ESCAPE_CODE
 			 && len <= DWARF3_LENGTH_MAX_ESCAPE_CODE))
 	{
-	invalid_dwarf:
 	  __libdw_seterrno (DWARF_E_INVALID_DWARF);
 	  goto err_return;
 	}
@@ -125,15 +124,11 @@ get_offsets (Dwarf *dbg)
 
       /* Get the CU offset.  */
       if (__libdw_read_offset (dbg, IDX_debug_pubnames, readp + 2, len_bytes,
-			       &mem[cnt].cu_offset, IDX_debug_info))
+			       &mem[cnt].cu_offset, IDX_debug_info, 3))
 	/* Error has been already set in reader.  */
 	goto err_return;
 
       /* Determine the size of the CU header.  */
-      if (unlikely (dbg->sectiondata[IDX_debug_info] == NULL
-		    || dbg->sectiondata[IDX_debug_info]->d_buf == NULL))
-	goto invalid_dwarf;
-
       unsigned char *infop
 	= ((unsigned char *) dbg->sectiondata[IDX_debug_info]->d_buf
 	   + mem[cnt].cu_offset);
diff --git a/libdw/dwarf_nextcu.c b/libdw/dwarf_nextcu.c
index 91cd3f2ed..66cde78a5 100644
--- a/libdw/dwarf_nextcu.c
+++ b/libdw/dwarf_nextcu.c
@@ -145,8 +145,8 @@ dwarf_nextcu (dwarf, off, next_off, header_sizep, abbrev_offsetp,
   /* Get offset in .debug_abbrev.  Note that the size of the entry
      depends on whether this is a 32-bit or 64-bit DWARF definition.  */
   uint64_t abbrev_offset;
-  if (__libdw_read_offset_inc (dwarf, IDX_debug_info, &bytes,
-			       offset_size, &abbrev_offset, IDX_debug_abbrev))
+  if (__libdw_read_offset_inc (dwarf, IDX_debug_info, &bytes, offset_size,
+			       &abbrev_offset, IDX_debug_abbrev, 0))
     return -1;
 
   if (abbrev_offsetp != NULL)
diff --git a/libdw/libdwP.h b/libdw/libdwP.h
index 5fe3f1959..b8e105122 100644
--- a/libdw/libdwP.h
+++ b/libdw/libdwP.h
@@ -448,12 +448,17 @@ __libdw_relocate_offset (Dwarf *dbg __attribute__ ((unused)),
 
 static inline bool
 __libdw_in_section (Dwarf *dbg, int sec_index,
-		    unsigned char *addr, int width)
+		    unsigned char *addr, int size)
 {
   Elf_Data *data = dbg->sectiondata[sec_index];
+  if (data == NULL || data->d_buf == NULL)
+    {
+      __libdw_seterrno (DWARF_E_INVALID_DWARF);
+      return false;
+    }
 
   if ((void *) addr < data->d_buf
-      || (void *) addr + width > data->d_buf + data->d_size)
+      || (void *) addr + size > data->d_buf + data->d_size)
     {
       __libdw_seterrno (DWARF_E_INVALID_OFFSET);
       return false;
@@ -464,10 +469,15 @@ __libdw_in_section (Dwarf *dbg, int sec_index,
 
 static inline bool
 __libdw_offset_in_section (Dwarf *dbg, int sec_index,
-			   Dwarf_Off offset, int width)
+			   Dwarf_Off offset, int size)
 {
   Elf_Data *data = dbg->sectiondata[sec_index];
-  return __libdw_in_section (dbg, sec_index, data->d_buf + offset, width);
+  if (data == NULL || data->d_buf == NULL)
+    {
+      __libdw_seterrno (DWARF_E_INVALID_DWARF);
+      return false;
+    }
+  return __libdw_in_section (dbg, sec_index, data->d_buf + offset, size);
 }
 
 #define READ_AND_RELOCATE(RELOC_HOOK, VAL)				\
@@ -503,12 +513,13 @@ __libdw_read_address_inc (Dwarf *dbg,
 static inline int
 __libdw_read_offset_inc (Dwarf *dbg,
 			 int sec_index, unsigned char **addr,
-			 int width, Dwarf_Off *ret, int sec_ret)
+			 int width, Dwarf_Off *ret, int sec_ret,
+			 int size)
 {
   Dwarf_Off val;
   READ_AND_RELOCATE (__libdw_relocate_offset, val);
 
-  if (!__libdw_offset_in_section (dbg, sec_ret, val, width))
+  if (!__libdw_offset_in_section (dbg, sec_ret, val, size))
     return -1;
 
   *ret = val;
@@ -543,10 +554,11 @@ __libdw_read_address (Dwarf *dbg,
 static inline int
 __libdw_read_offset (Dwarf *dbg,
 		     int sec_index, const unsigned char *addr,
-		     int width, Dwarf_Off *ret, int sec_ret)
+		     int width, Dwarf_Off *ret, int sec_ret,
+		     int size)
 {
   return __libdw_read_offset_inc (dbg, sec_index, (unsigned char **)&addr,
-				  width, ret, sec_ret);
+				  width, ret, sec_ret, size);
 }
 
 
-- 
2.47.2