From: Mark Wielaard Date: Tue, 16 Dec 2014 15:41:19 +0000 (+0100) Subject: libdw: Make sure there is enough space to read offset in dwarf_getpubnames. X-Git-Tag: elfutils-0.161~14 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7f9ea70d2be1d8c43eeff24b7efaf933c865fd0d;p=thirdparty%2Felfutils.git libdw: Make sure there is enough space to read offset in dwarf_getpubnames. Signed-off-by: Mark Wielaard
---
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 0592220d6..4f03b736e 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-16 Mark Wielaard
+
+ * dwarf_getpubnames.c (dwarf_getpubnames): Make sure there is enough
+ space to read die offset.
+
 2014-12-16 Mark Wielaard
 
 * dwarf_getsrclines.c (read_srclines): Correct overflow check for
diff --git a/libdw/dwarf_getpubnames.c b/libdw/dwarf_getpubnames.c
index 9fbfcbf3d..19f4eae13 100644
--- a/libdw/dwarf_getpubnames.c
+++ b/libdw/dwarf_getpubnames.c
@@ -199,6 +199,8 @@ dwarf_getpubnames (dbg, callback, arg, offset)
 while (1)
 {
 /* READP points to the next offset/name pair. */
+ if (readp + dbg->pubnames_sets[cnt].address_len > endp)
+ goto invalid_dwarf;
 if (dbg->pubnames_sets[cnt].address_len == 4)
 gl.die_offset = read_4ubyte_unaligned_inc (dbg, readp);
 else
@@ -215,6 +217,7 @@ dwarf_getpubnames (dbg, callback, arg, offset)
 readp = (unsigned char *) memchr (gl.name, '\0', endp - readp);
 if (unlikely (readp == NULL))
 {
+ invalid_dwarf:
 __libdw_seterrno (DWARF_E_INVALID_DWARF);
 return -1l;
 }
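Review bot: The new guard in the first dwarf_getpubnames.c hunk, `if (readp + dbg->pubnames_sets[cnt].address_len > endp)`, tests the bound by pointer addition. When fewer than address_len bytes remain, that addition can form a pointer beyond one-past-the-end of the section data before the comparison happens, which is undefined behaviour in C. The subtraction form avoids this: `if ((size_t) (endp - readp) < dbg->pubnames_sets[cnt].address_len)`. It relies only on readp never exceeding endp, which the existing `memchr (gl.name, '\0', endp - readp)` call already assumes; the type of address_len is not visible here, so the cast may need adjusting. The loop body continues outside both hunks, so this diff does not show whether the other reads in it are bounded the same way.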