+2019-02-02 Mark Wielaard <mark@klomp.org>
+
+ * dwarf_nextcu.c (__libdw_next_unit): Define bytes_end.
+ Check there are enough bytes to read extended lenght, version
+ and unit.
+
2019-01-20 Mark Wielaard <mark@klomp.org>
* dwarf_getsrclines.c (read_srclines): Check terminating NUL byte
beginning of the CU entry. */
const unsigned char *data = dwarf->sectiondata[sec_idx]->d_buf;
const unsigned char *bytes = data + off;
+ const unsigned char *bytes_end = data + dwarf->sectiondata[sec_idx]->d_size;
/* The format of the CU header is described in dwarf2p1 7.5.1 and
changed in DWARFv5 (to include unit type, switch location of some
}
if (length == DWARF3_LENGTH_64_BIT)
- /* This is a 64-bit DWARF format. */
- length = read_8ubyte_unaligned_inc (dwarf, bytes);
+ {
+ /* This is a 64-bit DWARF format. */
+ if (bytes_end - bytes < 8)
+ goto invalid;
+ length = read_8ubyte_unaligned_inc (dwarf, bytes);
+ }
/* Read the version stamp. Always a 16-bit value. */
+ if (bytes_end - bytes < 2)
+ goto invalid;
uint_fast16_t version = read_2ubyte_unaligned_inc (dwarf, bytes);
/* We keep unit_type at zero for older DWARF since we cannot
easily guess whether it is a compile or partial unit. */
uint8_t unit_type = 0;
if (version >= 5)
- unit_type = *bytes++;
+ {
+ if (bytes_end - bytes < 1)
+ goto invalid;
+ unit_type = *bytes++;
+ }
/* All these are optional. */
Dwarf_Off subdie_off = 0;
projects / thirdparty / elfutils.git / commitdiff
