This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
[PATCH 2/2] Don't overflow in __libdw_in_section
- From: Ulf Hermann <ulf dot hermann at qt dot io>
- To: <elfutils-devel at sourceware dot org>
- Date: Tue, 9 May 2017 18:28:33 +0200
- Subject: [PATCH 2/2] Don't overflow in __libdw_in_section
This exposes a bug in dwarf_formstring as detected by the dwarf-getmacros
test. We cannot unconditionally assume that a string is in either the
IDX_debug_info or the IDX_debug_types section as determined by
cu_sec_idx.
Signed-off-by: Ulf Hermann <ulf.hermann@qt.io>
---
libdw/ChangeLog | 4 ++++
libdw/libdwP.h | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 665c232..a5c1ff0 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,5 +1,9 @@
2017-05-09 Ulf Hermann <ulf.hermann@qt.io>
+ * libdwP.h: Fix check for the upper border of the range in __libdw_in_section.
+
+2017-05-09 Ulf Hermann <ulf.hermann@qt.io>
+
* dwarf_getmacros.c: Initialize type_offset of the fake CU.
2017-02-28 Ulf Hermann <ulf.hermann@qt.io>
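Review bot: The new ChangeLog entry leaves two "2017-05-09 Ulf Hermann" headers back to back for the same date and author, and it names the function only at the end of the description. Suggest keeping a single header with both items under it and writing the new item as "* libdwP.h (__libdw_in_section): Fix check for the upper border of the range.", so the changed function is named in the usual place and the line stays short.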
diff --git a/libdw/libdwP.h b/libdw/libdwP.h
index cefcafd..b87a94b 100644
--- a/libdw/libdwP.h
+++ b/libdw/libdwP.h
@@ -642,7 +642,8 @@ __libdw_in_section (Dwarf *dbg, int sec_index,
if (data == NULL)
return false;
if (unlikely (addr < data->d_buf)
- || unlikely (data->d_size - (addr - data->d_buf) < size))
+ || unlikely (data->d_size < size)
+ || unlikely ((size_t)(addr - data->d_buf) > data->d_size - size))
{
__libdw_seterrno (DWARF_E_INVALID_OFFSET);
return false;
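Review bot: The three conditions in the rewritten if are only correct in this order, and nothing in the hunk says so. "data->d_size - size" cannot wrap only because "data->d_size < size" is rejected on the line above it, and the (size_t) cast of "addr - data->d_buf" is only meaningful because "addr < data->d_buf" is rejected first. Please add a short comment above the if stating that dependency, so a later reordering or merge of the clauses does not bring back the wraparound in the removed line, where an addr beyond the end of the buffer could make "data->d_size - (addr - data->d_buf)" wrap to a large value and pass the "< size" test. It would also help to state whether size == 0 with addr exactly at d_buf + d_size is meant to be accepted, since the new comparison still allows it.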
--
2.1.4