libdw: Make sure there is enough space to read offset in dwarf_getpubnames.
authorMark Wielaard <mjw@redhat.com>
Tue, 16 Dec 2014 15:41:19 +0000 (16:41 +0100)
committerMark Wielaard <mjw@redhat.com>
Wed, 17 Dec 2014 15:49:02 +0000 (16:49 +0100)
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdw/ChangeLog
libdw/dwarf_getpubnames.c

index 0592220d62d8c5f46fe90ed2ab058b94e70f46d3..4f03b736e693a9cc3912f75653dffcb003c13c09 100644 (file)
@@ -1,3 +1,8 @@
+2014-12-16  Mark Wielaard  <mjw@redhat.com>
+
+       * dwarf_getpubnames.c (dwarf_getpubnames): Make sure there is enough
+       space to read die offset.
+
 2014-12-16  Mark Wielaard  <mjw@redhat.com>
 
        * dwarf_getsrclines.c (read_srclines): Correct overflow check for
index 9fbfcbf3d16f10b8056274ca732dbfe354a87919..19f4eae1313d4f388ec8ab523ae09b00c5dbca89 100644 (file)
@@ -199,6 +199,8 @@ dwarf_getpubnames (dbg, callback, arg, offset)
       while (1)
        {
          /* READP points to the next offset/name pair.  */
+         if (readp + dbg->pubnames_sets[cnt].address_len > endp)
+           goto invalid_dwarf;
          if (dbg->pubnames_sets[cnt].address_len == 4)
            gl.die_offset = read_4ubyte_unaligned_inc (dbg, readp);
          else
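Review bot: The added check `readp + dbg->pubnames_sets[cnt].address_len > endp` computes a pointer that can lie beyond one-past-the-end of the section data when fewer than `address_len` bytes remain, which is undefined behaviour in C; in principle the comparison can be optimised away or wrap at a high address. Comparing the remaining length avoids forming that pointer: `if ((size_t) (endp - readp) < dbg->pubnames_sets[cnt].address_len)`. This relies on `readp <= endp` holding at the top of the loop, which is established outside the hunk and worth confirming. The loop body and the rest of dwarf_getpubnames continue outside the hunk.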
@@ -215,6 +217,7 @@ dwarf_getpubnames (dbg, callback, arg, offset)
          readp = (unsigned char *) memchr (gl.name, '\0', endp - readp);
          if (unlikely (readp == NULL))
            {
+           invalid_dwarf:
              __libdw_seterrno (DWARF_E_INVALID_DWARF);
              return -1l;
            }
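Review bot: The `invalid_dwarf:` label is placed inside the body of `if (unlikely (readp == NULL))`, so the new `goto` from the offset bounds check jumps into the middle of a conditional block. That is legal C, but the shared error path is easy to break if a statement that depends on the memchr result is later added above the label. A short comment on the label, for example `/* Also reached from the offset bounds check above.  */`, would make the second entry point explicit. Alternatively the error return could move to a label at function scope, but the end of the function is outside this hunk.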