This is the mail archive of the mailing list for the elfutils project.

[Bug tools/24116] A Heap-buffer-overflow problem was discovered in the function print_debug_line_section in readelf.c

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |mark at klomp dot org
         Resolution|---                         |FIXED

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Yeah, we should check the unknown parameters are actually there.
Luckily other checks make sure we don't read more than one byte past the end of
the data.

commit a17c2c0917901ffa542ac4d3e327d46742219e04
Author: Mark Wielaard <>
Date:   Tue Jan 22 15:55:18 2019 +0100

    readelf: Don't go past end of line data reading unknown opcode parameters.

    Signed-off-by: Mark Wielaard <>

diff --git a/src/readelf.c b/src/readelf.c
index 6bad3bf..e3e699c 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8845,7 +8845,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl,
GElf_Ehdr *ehdr,
                                " unknown opcode with %" PRIu8 " parameters:",
-             for (int n = standard_opcode_lengths[opcode]; n > 0; --n)
+             for (int n = standard_opcode_lengths[opcode];
+                  n > 0 && linep < lineendp; --n)
                  get_uleb128 (u128, linep, lineendp);
                  if (n != standard_opcode_lengths[opcode])
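
Review bot: The new loop condition `n > 0 && linep < lineendp` ends the loop silently when the line data runs out, so the output still announces the full count in "unknown opcode with ... parameters:" but may print fewer values, with nothing marking the truncation. Because `n` is scoped to the `for` statement, consider hoisting its declaration and reporting invalid or truncated data when the loop exits with `n > 0`, so a malformed line program is visible in the readelf output instead of looking like a short but valid opcode. A brief comment on the added condition saying why the bound is needed would also help the next reader.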
