Found by afl-fuzz. When printing a DWARF_FORM_block4 we checked there
were only 2 bytes available (copy/paste from DW_FORM_block2 right
before). Obviously we need at least 4 bytes to read the length of a
DW_FORM_block4.
Signed-off-by: Mark Wielaard <mark@klomp.org>
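The defect the commit message describes is a length-prefix guard copied from the DW_FORM_block2 case and never widened to 4 bytes. Below is an added, self-contained C illustration of the two-stage check a block-form reader needs (prefix fits, then payload fits); it is not elfutils code and not print_form_data, and parse_block, try_block4, try_block2 and the little-endian sample buffers are hypothetical names and constructed data for this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DWARF form codes for the three fixed-width block forms (standard values). */
enum { DW_FORM_block2 = 0x03, DW_FORM_block4 = 0x04, DW_FORM_block1 = 0x0a };

/* Unaligned little-endian read of n bytes; the constructed samples are LE. */
static uint32_t read_le (const unsigned char *p, size_t n)
{
  uint32_t v = 0;
  for (size_t i = 0; i < n; i++)
    v |= (uint32_t) p[i] << (8 * i);
  return v;
}

/* Width of the length prefix for a block form, 0 for any other form. */
static size_t block_len_width (unsigned form)
{
  switch (form)
    {
    case DW_FORM_block1: return 1;
    case DW_FORM_block2: return 2;
    case DW_FORM_block4: return 4;
    default: return 0;
    }
}

/* Hypothetical parser for a DW_FORM_block{1,2,4} value in [readp, readendp).
   On success stores the payload length in *len, its start in *data, and
   returns prefix + payload bytes consumed.  Returns 0 on truncation without
   reading a single byte at or past readendp.  */
size_t parse_block (unsigned form, const unsigned char *readp,
                    const unsigned char *readendp,
                    uint32_t *len, const unsigned char **data)
{
  size_t width = block_len_width (form);
  if (width == 0 || readp > readendp)
    return 0;
  /* Check 1: the length prefix itself must fit.  This is the guard the commit
     fixes: DW_FORM_block4 needs 4 bytes here, not the 2 copied from block2.  */
  if ((size_t) (readendp - readp) < width)
    return 0;
  uint32_t val = read_le (readp, width);
  readp += width;
  /* Check 2: the payload must fit after the prefix (mirrors the existing
     `(size_t) (readendp - readp) < val` test in the hunk).  */
  if ((size_t) (readendp - readp) < val)
    return 0;
  *len = val;
  *data = readp;
  return width + val;
}

/* Constructed sample input (not from a real DWARF section): a block4 whose
   little-endian 4-byte length is 3 followed by 3 payload bytes, and a block2
   with length 2.  */
static const unsigned char sample_block4[] = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const unsigned char sample_block2[] = { 0x02, 0x00, 'x', 'y' };

/* Parse a sample with only `avail` bytes visible; 0 means rejected as truncated. */
size_t try_block4 (size_t avail)
{
  uint32_t len; const unsigned char *data;
  if (avail > sizeof sample_block4) avail = sizeof sample_block4;
  return parse_block (DW_FORM_block4, sample_block4, sample_block4 + avail, &len, &data);
}

size_t try_block2 (size_t avail)
{
  uint32_t len; const unsigned char *data;
  if (avail > sizeof sample_block2) avail = sizeof sample_block2;
  return parse_block (DW_FORM_block2, sample_block2, sample_block2 + avail, &len, &data);
}

int main (void)
{
  /* With the old `< 2` guard, the avail == 2 case below would have read two
     bytes past the end of the buffer before the payload check ever ran.  */
  for (size_t avail = 0; avail <= sizeof sample_block4; avail++)
    printf ("block4 with %zu byte(s) available: %s\n", avail,
            try_block4 (avail) ? "accepted" : "rejected (truncated)");
  return 0;
}
```

The design point is that the prefix check must use the same width as the read that follows it; a reader that checks one width and reads another is exactly the pattern a fuzzer finds, because the payload check comes too late to protect the length read itself.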
2018-06-12 Mark Wielaard <mark@klomp.org>
+ * readelf.c (print_form_data): Check we have 4, not 2, bytes
+ available for DW_FORM_block4.
+
+2018-06-12 Mark Wielaard <mark@klomp.org>
+
* readelf.c (print_form_data): Don't increase strreadp after use.
Do increase readp for DW_FORM_strx[1234].
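Review bot: the `+` markers in this ChangeLog hunk look inconsistent: the new entry's date line (`2018-06-12 Mark Wielaard <mark@klomp.org>`) has no `+`, while the pre-existing entry's header two lines below does, so the added lines as shown would not apply as the usual new-entry-on-top layout; worth confirming the patch applies cleanly against the current ChangeLog before merging.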
break;
case DW_FORM_block4:
- if (readendp - readp < 2)
+ if (readendp - readp < 4)
goto invalid_data;
val = read_4ubyte_unaligned_inc (dbg, readp);
if ((size_t) (readendp - readp) < val)
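Review bot: the corrected guard `if (readendp - readp < 4)` now matches the 4-byte read in `read_4ubyte_unaligned_inc`, and the existing `if ((size_t) (readendp - readp) < val)` after the increment still bounds the payload, so both the length prefix and the block data are covered. Two follow-ups: the commit message says the bug was a copy from the DW_FORM_block2 case, so the neighbouring block cases deserve the same prefix-width versus read-width comparison; and the afl-fuzz input that found this is not added as a regression test, so including it would keep the overread from coming back.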