dwarf_getaranges didn't check if there was enough data left to read both
the address and segment size. readelf didn't check there was enough data
left to read the segment size.
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
Signed-off-by: Mark Wielaard <mark@klomp.org>
+2018-08-18 Mark Wielaard <mark@klomp.org>
+
+ * dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
+ data to read the address and segment size.
+
2018-07-04 Ross Burton <ross.burton@intel.com>
* libdw_alloc.c: Remove error.h include.
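Review bot: The new ChangeLog entry names the file in both positions, "dwarf_getaranges.c (dwarf_getaranges.c)". The parenthesised part should be the function that changed, so it should read "dwarf_getaranges.c (dwarf_getaranges)", in the same form as the readelf entry "readelf.c (print_debug_aranges_section)".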
length_bytes, &offset, IDX_debug_info, 4))
goto fail;
+ /* Next up two bytes for address and segment size. */
+ if (readp + 2 > readendp)
+ goto invalid;
+
unsigned int address_size = *readp++;
if (unlikely (address_size != 4 && address_size != 8))
goto invalid;
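Review bot: The new bounds check "if (readp + 2 > readendp)" is not wrapped in unlikely (), while the address_size test directly below it is; for consistency on this error path write "if (unlikely (readp + 2 > readendp))". Comparing the remaining length instead, "readendp - readp < 2", expresses the same condition without forming a pointer past the end of the section data when fewer than two bytes are left.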
2018-08-18 Mark Wielaard <mark@klomp.org>
+ * readelf.c (print_debug_aranges_section): Make sure there is enough
+ data to read the header segment size.
+
+2018-08-18 Mark Wielaard <mark@klomp.org>
+
* elflint.c (check_sysv_hash): Calculate needed size using unsigned
long long int to prevent overflow.
(check_sysv_hash64): Calculate maxwords used separately before
goto next_table;
}
+ if (readp + 1 > readendp)
+ goto invalid_data;
unsigned int segment_size = *readp++;
printf (gettext (" Segment size: %6" PRIu64 "\n\n"),
(uint64_t) segment_size);
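Review bot: The check "if (readp + 1 > readendp)" guards only the segment size byte. The address size read in print_debug_aranges_section is outside the visible context, so please confirm it already has its own bounds check; the commit message states that only the segment size check was missing in readelf. As a style point, a blank line after "goto invalid_data;" would separate the check from the "unsigned int segment_size" declaration, as the libdw hunk does, and "readendp - readp < 1" would avoid the pointer addition.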