Eric Pouech : dbghelp: When parsing .debug_line section in dwarf debug info, protect against out of bounds indexes.

Alexandre Julliard julliard at winehq.org
Mon Mar 28 14:21:55 CDT 2011


Module: wine
Branch: master
Commit: 4220cd660866d5c072b960ea27ba314f104575b4
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=4220cd660866d5c072b960ea27ba314f104575b4

Author: Eric Pouech <eric.pouech at orange.fr>
Date:   Sat Mar 19 16:58:27 2011 +0100

dbghelp: When parsing .debug_line section in dwarf debug info, protect against out of bounds indexes.

---

 dlls/dbghelp/dwarf.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/dlls/dbghelp/dwarf.c b/dlls/dbghelp/dwarf.c
index 1d5aa17..5596c45 100644
--- a/dlls/dbghelp/dwarf.c
+++ b/dlls/dbghelp/dwarf.c
@@ -2116,6 +2116,11 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
     if (sections[section_line].address == IMAGE_NO_MAP)
         return FALSE;
 
+    if (offset + 4 > sections[section_line].size)
+    {
+        WARN("out of bounds offset\n");
+        return FALSE;
+    }
     traverse.data = sections[section_line].address + offset;
     traverse.end_data = traverse.data + 4;
     traverse.word_size = ctx->module->format_info[DFI_DWARF]->u.dwarf2_info->word_size;
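Review bot: in the new check `offset + 4 > sections[section_line].size`, the addition can wrap if `offset` is an unsigned value close to its type's maximum (its type is not visible in this hunk), and a wrapped sum would let an out-of-range offset pass. Comparing against the remaining space instead, for example `sections[section_line].size < 4 || offset > sections[section_line].size - 4`, does not depend on the sum staying in range. The literal 4 matches the width of the length field that `traverse.end_data = traverse.data + 4;` sets up just below; a short comment saying so would make the check easier to audit.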
@@ -2123,6 +2128,11 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
     length = dwarf2_parse_u4(&traverse);
     traverse.end_data = sections[section_line].address + offset + length;
 
+    if (offset + 4 + length > sections[section_line].size)
+    {
+        WARN("out of bounds header\n");
+        return FALSE;
+    }
     version = dwarf2_parse_u2(&traverse);
     header_len = dwarf2_parse_u4(&traverse);
     insn_size = dwarf2_parse_byte(&traverse);
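Review bot: the check `offset + 4 + length > sections[section_line].size` adds a `length` that was just read from the section by `dwarf2_parse_u4`, so if these are 32-bit unsigned values a large `length` can wrap the sum and pass the test. Since the first check in this patch already ensures `offset + 4` fits within the section, `length > sections[section_line].size - offset - 4` is a form that cannot wrap. The check also sits after `traverse.end_data = sections[section_line].address + offset + length;`, so the end pointer is formed from the unvalidated length before it is rejected; moving the check above that assignment avoids this. That context line uses `offset + length` while the new check uses `offset + 4 + length`, so it is worth confirming which end of the unit is intended and making the two agree.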



