This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] readelf, libdw: Correct .debug_line overflow check for unit_length.

From: Mark Wielaard <mjw at redhat dot com>
To: elfutils-devel at lists dot fedorahosted dot org
Date: Tue, 16 Dec 2014 16:12:08 +0100
Subject: [PATCH] readelf, libdw: Correct .debug_line overflow check for unit_length.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libdw/ChangeLog           | 5 +++--
 libdw/dwarf_getsrclines.c | 4 ++--
 src/ChangeLog             | 5 +++++
 src/readelf.c             | 4 ++--
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 757fb23..0592220 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,6 +1,7 @@
-2014-12-15  Mark Wielaard  <mjw@redhat.com>
+2014-12-16  Mark Wielaard  <mjw@redhat.com>
 
-2014-12-15  Mark Wielaard  <mjw@redhat.com>
+	* dwarf_getsrclines.c (read_srclines): Correct overflow check for
+	unit_length.
 
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index d50a17d..d477944 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -113,8 +113,8 @@ read_srclines (Dwarf *dbg,
     }
 
   /* Check whether we have enough room in the section.  */
-  if (unit_length < 2 + length + 5 * 1
-      || unlikely (linep + unit_length > lineendp))
+  if (unlikely (unit_length > (size_t) (lineendp - linep)
+      || unit_length < 2 + length + 5 * 1))
     goto invalid_data;
   lineendp = linep + unit_length;
 
diff --git a/src/ChangeLog b/src/ChangeLog
index 1ca1540..1dc1957 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2014-12-16  Mark Wielaard  <mjw@redhat.com>
 
+	* readelf.c (print_debug_line_section): Correct overflow check for
+	unit_length.
+
+2014-12-16  Mark Wielaard  <mjw@redhat.com>
+
 	* elfcmp.c (compare_Elf32_Word): Make sure (unsigned) Elf32_Word
 	difference doesn't wrap around before returning as int.
 
diff --git a/src/readelf.c b/src/readelf.c
index e9a356d..3c686d5 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -6357,8 +6357,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 	}
 
       /* Check whether we have enough room in the section.  */
-      if (unit_length < 2 + length + 5 * 1
-	  || unlikely (linep + unit_length > lineendp))
+      if (unlikely (unit_length > (size_t) (lineendp - linep)
+	  || unit_length < 2 + length + 5 * 1))
 	goto invalid_data;
       lineendp = linep + unit_length;
 
-- 
1.8.3.1

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]