public inbox for elfutils@sourceware.org
* [COMMITTED] libdw, readelf: Make sure there is enough data to read full aranges header.
@ 2018-08-18 20:08 Mark Wielaard
  0 siblings, 0 replies; only message in thread
From: Mark Wielaard @ 2018-08-18 20:08 UTC (permalink / raw)
  To: elfutils-devel; +Cc: Mark Wielaard

dwarf_getaranges didn't check if there was enough data left to read both
the address and segment size. readelf didn't check there was enough data
left to read the segment size.

https://sourceware.org/bugzilla/show_bug.cgi?id=23541

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libdw/ChangeLog          | 5 +++++
 libdw/dwarf_getaranges.c | 4 ++++
 src/ChangeLog            | 5 +++++
 src/readelf.c            | 2 ++
 4 files changed, 16 insertions(+)

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index cb4f34ed..472d9228 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-18  Mark Wielaard  <mark@klomp.org>
+
+	* dwarf_getaranges.c (dwarf_getaranges.c): Make sure there is enough
+	data to read the address and segment size.
+
 2018-07-04  Ross Burton <ross.burton@intel.com>
 
 	* libdw_alloc.c: Remove error.h include.
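Review bot: the parenthesised name in the new entry, `(dwarf_getaranges.c)`, repeats the file name where GNU ChangeLog convention expects the changed function; since the hunk in dwarf_getaranges.c is inside `dwarf_getaranges`, the line should read `* dwarf_getaranges.c (dwarf_getaranges): Make sure there is enough`.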
diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c
index bff9c860..de5b81ba 100644
--- a/libdw/dwarf_getaranges.c
+++ b/libdw/dwarf_getaranges.c
@@ -148,6 +148,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges)
 				   length_bytes, &offset, IDX_debug_info, 4))
 	goto fail;
 
+      /* Next up two bytes for address and segment size.  */
+      if (readp + 2 > readendp)
+	goto invalid;
+
       unsigned int address_size = *readp++;
       if (unlikely (address_size != 4 && address_size != 8))
 	goto invalid;
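Review bot: the new check `if (readp + 2 > readendp)` computes a pointer that can lie more than one past the end of the section buffer when fewer than two bytes remain, which is undefined behaviour in C even though it compares as intended on every practical target; `if (readendp - readp < 2)` expresses the same condition as a length comparison without forming an out-of-range pointer. The placement is right: the check precedes the `address_size` byte read on the next line and, per the commit message, the segment size byte read after it, so both previously unchecked reads are now covered by one test.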
diff --git a/src/ChangeLog b/src/ChangeLog
index 8c89f83d..2f9f7747 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-18  Mark Wielaard  <mark@klomp.org>
+
+	* readelf.c (print_debug_aranges_section): Make sure there is enough
+	data to read the header segment size.
+
 2018-08-18  Mark Wielaard  <mark@klomp.org>
 
 	* elflint.c (check_sysv_hash): Calculate needed size using unsigned
diff --git a/src/readelf.c b/src/readelf.c
index 7b5707f8..7b488ac5 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -5447,6 +5447,8 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
 	  goto next_table;
 	}
 
+      if (readp + 1 > readendp)
+	goto invalid_data;
       unsigned int segment_size = *readp++;
       printf (gettext (" Segment size:  %6" PRIu64 "\n\n"),
 	      (uint64_t) segment_size);
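Review bot: same remark as for the dwarf_getaranges.c hunk: `readp + 1 > readendp` is equivalent to `readp >= readendp`, which reads directly as "no byte left" and avoids computing a pointer past the end of an already exhausted buffer. A blank line after `goto invalid_data;` would also match the layout of the libdw hunk, where the bound check is separated from the read it guards.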
-- 
2.18.0
