From ee5693b9dbc9836df7fd9ca9e988464f43a55312 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Thu, 11 Dec 2014 18:26:09 +0100
Subject: [PATCH] readelf: Check TType base offset and Action table are sane in exception table.
Signed-off-by: Mark Wielaard
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 11 +++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index b24daffbb..141b31f05 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-11 Mark Wielaard
+
+ * readelf.c (print_debug_exception_table): Check TType base offset
+ and Action table are sane.
+
 2014-12-11 Mark Wielaard
 * readelf.c (print_debug_frame_section): Check number of augmentation
diff --git a/src/readelf.c b/src/readelf.c
index 31a0e0a94..b62e778f9 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -7710,7 +7710,8 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
 unsigned int ttype_base_offset;
 get_uleb128 (ttype_base_offset, readp);
 printf (" TType base offset: %#x\n", ttype_base_offset);
- ttype_base = readp + ttype_base_offset;
+ if ((size_t) (dataend - readp) > ttype_base_offset)
+ ttype_base = readp + ttype_base_offset;
 }
 if (unlikely (readp + 1 > dataend))
@@ -7757,6 +7758,12 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
 {
 puts ("\n Action table:");
+ if ((size_t) (dataend - action_table) < max_action + 1)
+ {
+ fputs (gettext (" \n"), stdout);
+ return;
+ }
+
 const unsigned char *const action_table_end = action_table + max_action + 1;
@@ -7784,7 +7791,7 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)),
 while (readp < action_table_end);
 }
- if (max_ar_filter > 0)
+ if (max_ar_filter > 0 && ttype_base != NULL)
 {
 puts ("\n TType table:");
--
2.47.3
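Review bot: The added guard `(size_t) (dataend - readp) > ttype_base_offset` in the first readelf.c hunk is only sound while `readp <= dataend`. `get_uleb128 (ttype_base_offset, readp)` just above is called without an end pointer, and the `readp + 1 > dataend` test only follows this block, so on a truncated table the difference can be negative, wrap to a huge `size_t`, and let an out-of-range `ttype_base` through. I would write the condition as `if (readp < dataend && (size_t) (dataend - readp) > ttype_base_offset)`. print_debug_exception_table starts and ends outside this hunk, so an earlier bound on `readp` may exist that is not visible here.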
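Review bot: In the Action table guard of the second readelf.c hunk, `max_action + 1` is evaluated before the comparison, so if `max_action` can reach the maximum of its type the sum wraps to 0 and the check passes. Its declaration is outside the hunk; it is presumably an unsigned value derived from the table being parsed. Comparing without the addition avoids the wrap: `if (max_action >= (size_t) (dataend - action_table))`. The cast also assumes `action_table <= dataend`, which would have to be established outside this hunk. A one-line comment above the check, such as `/* The action table must fit in the remaining section data. */`, would record the intent.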
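Review bot: With the added `ttype_base != NULL` condition in the last hunk, the TType table is skipped without any output when the offset was rejected earlier, so a reader of the dump cannot tell a malformed table from one that has no types. The Action table path in this same commit prints a message and returns instead. An `else if (max_ar_filter > 0)` branch that emits the same invalid-data message would keep the two paths consistent. The check also relies on `ttype_base` being initialised to NULL at its declaration, which is outside the hunk and worth confirming.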