mirror/libbacktrace
1
0
Fork 0
mirror of https://github.com/ianlancetaylor/libbacktrace.git synced 2026-04-05 17:09:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

libbacktrace: correct buffer overflow tests

Browse Source 
* dwarf.c (resolve_string): Use > rather than >= to check whether
	string index extends past buffer.
	(resolve_addr_index): Similarly for address index.
This commit is contained in:
Ian Lance Taylor
2020-12-02 11:06:40 -08:00
parent f24e9f401f
commit 1da441c1b0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dwarf.c
View File

@@ -1386,7 +1386,7 @@ resolve_string (const struct dwarf_sections *dwarf_sections, int is_dwarf64,
offset = val->u.uint * (is_dwarf64 ? 8 : 4) + str_offsets_base; offset = val->u.uint * (is_dwarf64 ? 8 : 4) + str_offsets_base;
if (offset + (is_dwarf64 ? 8 : 4) if (offset + (is_dwarf64 ? 8 : 4)
>= dwarf_sections->size[DEBUG_STR_OFFSETS]) > dwarf_sections->size[DEBUG_STR_OFFSETS])
{ {
error_callback (data, "DW_FORM_strx value out of range", 0); error_callback (data, "DW_FORM_strx value out of range", 0);
return 0; return 0;
@@ -1430,7 +1430,7 @@ resolve_addr_index (const struct dwarf_sections *dwarf_sections,
struct dwarf_buf addr_buf; struct dwarf_buf addr_buf;
offset = addr_index * addrsize + addr_base; offset = addr_index * addrsize + addr_base;
if (offset + addrsize >= dwarf_sections->size[DEBUG_ADDR]) if (offset + addrsize > dwarf_sections->size[DEBUG_ADDR])
{ {
error_callback (data, "DW_FORM_addrx value out of range", 0); error_callback (data, "DW_FORM_addrx value out of range", 0);
return 0; return 0;