libdw: Check sibling attribute offset still falls inside CU data.

author Mark Wielaard <mjw@redhat.com>

Sat, 27 Dec 2014 11:13:50 +0000 (12:13 +0100)

committer Mark Wielaard <mjw@redhat.com>

Mon, 12 Jan 2015 21:12:53 +0000 (22:12 +0100)
author Mark Wielaard <mjw@redhat.com>
Sat, 27 Dec 2014 11:13:50 +0000 (12:13 +0100)
committer Mark Wielaard <mjw@redhat.com>
Mon, 12 Jan 2015 21:12:53 +0000 (22:12 +0100)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog

index edafe974d257decb833188484020c437dfd5ace8..fe39dcdc2adfbe01971777221fa0732bf805e062 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-27  Mark Wielaard  <mjw@redhat.com>
+
+       * dwarf_siblingof.c (dwarf_siblingof): Check sibling attribute offset
+       still falls inside CU data.
+
  2015-01-11  Mark Wielaard  <mjw@redhat.com>
  
         * dwarf_func_inline.c (dwarf_func_inline_instances): Call
diff --git a/libdw/dwarf_siblingof.c b/libdw/dwarf_siblingof.c

index 27830ea450d4eb3dea6dfa5e7419c629c502bcb5..f8241b37738607a922bdefc5385db3bc422e67a6 100644 (file)
--- a/libdw/dwarf_siblingof.c
+++ b/libdw/dwarf_siblingof.c
@@ -79,6 +79,13 @@ dwarf_siblingof (die, result)
             /* Something went wrong.  */
             return -1;
  
+         size_t size = sibattr.cu->endp - sibattr.cu->startp;
+         if (unlikely (offset >= size))
+           {
+             __libdw_seterrno (DWARF_E_INVALID_DWARF);
+             return -1;
+           }
+
           /* Compute the next address.  */
           addr = sibattr.cu->startp + offset;
         }
author	Mark Wielaard <mjw@redhat.com>
	Sat, 27 Dec 2014 11:13:50 +0000 (12:13 +0100)
committer	Mark Wielaard <mjw@redhat.com>
	Mon, 12 Jan 2015 21:12:53 +0000 (22:12 +0100)
libdw/ChangeLog		patch \| blob \| blame \| history
libdw/dwarf_siblingof.c		patch \| blob \| blame \| history