From: Mark Wielaard <mark@klomp.org>
Date: Thu, 6 Jan 2022 15:44:56 +0000 (+0100)
Subject: libdwfl: Fix overflow check in link_map.c read_addrs
X-Git-Tag: elfutils-0.187~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b9d809568c37c4a6b9225f3c44cadabeb5fa1b0;p=thirdparty%2Felfutils.git

libdwfl: Fix overflow check in link_map.c read_addrs

The buffer_available overflow check wasn't complete. Also check nb
isn't too big.

https://sourceware.org/bugzilla/show_bug.cgi?id=28720

Signed-off-by: Mark Wielaard <mark@klomp.org>
---

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 149383ad0..f8319f44c 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2022-01-03  Mark Wielaard  <mark@klomp.org>
+
+	* link_map.c (read_addrs): Fix buffer_available nb overflow.
+
 2021-12-23  Mark Wielaard  <mark@klomp.org>
 
 	* link_map.c (read_addrs): Calculate addr to read by hand.
diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
index cd9c50422..99222bb99 100644
--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -257,7 +257,8 @@ read_addrs (struct memory_closure *closure,
   /* Read a new buffer if the old one doesn't cover these words.  */
   if (*buffer == NULL
       || vaddr < *read_vaddr
-      || vaddr - (*read_vaddr) + nb > *buffer_available)
+      || nb > *buffer_available
+      || vaddr - (*read_vaddr) > *buffer_available - nb)
     {
       release_buffer (closure, buffer, buffer_available, 0);