* [PATCH] readelf, libdw: Correct .debug_line overflow check for unit_length.
@ 2014-12-16 15:12 Mark Wielaard
From: Mark Wielaard @ 2014-12-16 15:12 UTC (permalink / raw)
To: elfutils-devel
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libdw/ChangeLog | 5 +++--
libdw/dwarf_getsrclines.c | 4 ++--
src/ChangeLog | 5 +++++
src/readelf.c | 4 ++--
4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 757fb23..0592220 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,6 +1,7 @@
-2014-12-15 Mark Wielaard <mjw@redhat.com>
+2014-12-16 Mark Wielaard <mjw@redhat.com>
-2014-12-15 Mark Wielaard <mjw@redhat.com>
+ * dwarf_getsrclines.c (read_srclines): Correct overflow check for
+ unit_length.
2014-12-15 Mark Wielaard <mjw@redhat.com>
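Review bot: The two removed `2014-12-15 Mark Wielaard` header lines at the top of this hunk are not accounted for by the commit message, which only mentions the unit_length check. In the visible lines the first header is re-dated to 2014-12-16 and the second is replaced by the new entry text, so please confirm that no earlier 2014-12-15 entry ends up re-dated or without its header. If this is a cleanup of a stray duplicate header, say so in the commit message.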
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index d50a17d..d477944 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -113,8 +113,8 @@ read_srclines (Dwarf *dbg,
}
/* Check whether we have enough room in the section. */
- if (unit_length < 2 + length + 5 * 1
- || unlikely (linep + unit_length > lineendp))
+ if (unlikely (unit_length > (size_t) (lineendp - linep)
+ || unit_length < 2 + length + 5 * 1))
goto invalid_data;
lineendp = linep + unit_length;
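Review bot: The cast in `unit_length > (size_t) (lineendp - linep)` is only safe if `linep <= lineendp` already holds here, and the hunk does not show what guarantees that. If `linep` could ever be past `lineendp`, the negative difference becomes a huge size_t and the bound is effectively disabled. If the earlier reads of the length field already bound-check `linep`, a short comment stating that invariant would help. It would also help to extend the existing "enough room" comment to say why the subtraction form is used: the old `linep + unit_length > lineendp` could wrap the pointer for a large unit_length taken from the file. The commit message has no body, so that reasoning is currently recorded nowhere.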
diff --git a/src/ChangeLog b/src/ChangeLog
index 1ca1540..1dc1957 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
2014-12-16 Mark Wielaard <mjw@redhat.com>
+ * readelf.c (print_debug_line_section): Correct overflow check for
+ unit_length.
+
+2014-12-16 Mark Wielaard <mjw@redhat.com>
+
* elfcmp.c (compare_Elf32_Word): Make sure (unsigned) Elf32_Word
difference doesn't wrap around before returning as int.
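Review bot: The added `2014-12-16 Mark Wielaard <mjw@redhat.com>` header below the new entry leaves two consecutive blocks with the same date and author. The readelf.c entry could be added to the existing 2014-12-16 block above the elfcmp.c entry instead, which keeps the ChangeLog to one header per author and day.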
diff --git a/src/readelf.c b/src/readelf.c
index e9a356d..3c686d5 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -6357,8 +6357,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
}
/* Check whether we have enough room in the section. */
- if (unit_length < 2 + length + 5 * 1
- || unlikely (linep + unit_length > lineendp))
+ if (unlikely (unit_length > (size_t) (lineendp - linep)
+ || unit_length < 2 + length + 5 * 1))
goto invalid_data;
lineendp = linep + unit_length;
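Review bot: The minimum-size term `2 + length + 5 * 1` in the second operand of the new condition is still an unexplained magic expression. A comment naming the header fields it counts would let a reader verify the bound against the .debug_line header layout. This condition is now a verbatim copy of the one in libdw's read_srclines, so consider a shared macro or helper so the two checks cannot drift apart in a later fix.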
--
1.8.3.1