Eric Pouech : dbghelp: Protect COFF line number parsing against out of bounds access.

Alexandre Julliard julliard at winehq.org
Mon May 21 15:31:08 CDT 2012


Module: wine
Branch: master
Commit: dbd70d09176129b5f76c921e1c6c1e18075319c2
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=dbd70d09176129b5f76c921e1c6c1e18075319c2

Author: Eric Pouech <eric.pouech at orange.fr>
Date:   Sun May 20 09:43:52 2012 +0200

dbghelp: Protect COFF line number parsing against out of bounds access.

---

 dlls/dbghelp/coff.c |   36 ++++++++++++++++++------------------
 1 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/dlls/dbghelp/coff.c b/dlls/dbghelp/coff.c
index 54bd278..9f01fd2 100644
--- a/dlls/dbghelp/coff.c
+++ b/dlls/dbghelp/coff.c
@@ -424,26 +424,26 @@ DECLSPEC_HIDDEN BOOL coff_process_info(const struct msc_debug_info* msc_dbg)
                      * If we have spilled onto the next entrypoint, then
                      * bump the counter..
                      */
-                    for (;;)
+                    for (; l+1 < coff_files.files[j].neps; l++)
                     {
-                        if (l+1 >= coff_files.files[j].neps) break;
-                        symt_get_address(coff_files.files[j].entries[l+1], &addr);
-                        if (((msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress) < addr))
+                        if (symt_get_address(coff_files.files[j].entries[l+1], &addr) &&
+                            msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress < addr)
+                        {
+                            if (coff_files.files[j].entries[l+1]->tag == SymTagFunction)
+                            {
+                                /*
+                                 * Add the line number.  This is always relative to the
+                                 * start of the function, so we need to subtract that offset
+                                 * first.
+                                 */
+                                symt_add_func_line(msc_dbg->module,
+                                                   (struct symt_function*)coff_files.files[j].entries[l+1],
+                                                   coff_files.files[j].compiland->source,
+                                                   linepnt->Linenumber,
+                                                   msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress - addr);
+                            }
                             break;
-                        l++;
-                    }
-
-                    if (coff_files.files[j].entries[l+1]->tag == SymTagFunction)
-                    {
-                        /*
-                         * Add the line number.  This is always relative to the
-                         * start of the function, so we need to subtract that offset
-                         * first.
-                         */
-                        symt_get_address(coff_files.files[j].entries[l+1], &addr);
-                        symt_add_func_line(msc_dbg->module, (struct symt_function*)coff_files.files[j].entries[l+1], 
-                                           coff_files.files[j].compiland->source, linepnt->Linenumber,
-                                           msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress - addr);
+                        }
                     }
                 }
             }
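Review bot: The offset passed to `symt_add_func_line` in the new guarded block is `BaseOfImage + linepnt->Type.VirtualAddress - addr`, but the enclosing condition has just established that this sum is strictly less than `addr`, so the unsigned subtraction wraps instead of giving an offset from the function start. The `l+1 < neps` bound itself looks right. What seems off, and is carried over from the removed code, is that the line is attached to `entries[l+1]`, the first entry above the line address, where the comment suggests the entry that contains it (probably `entries[l]`). Either switch the lookup to the entry at `l` with its own `symt_get_address` result, or add a comment such as `/* addr > line address here, so the offset wraps; confirm entries[l+1] is the intended function */`. When no later entry has a higher address, the loop now ends without recording the line at all, so line records belonging to the last entry of a file appear to be dropped silently. The body of coff_process_info starts and ends outside this hunk, so how `l` is initialised and whether `symt_add_func_line` range-checks the offset cannot be verified here.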



