[PATCH] [DbgHelp]: when parsing .debug_line section in dwarf debug info, protect against out of bounds indexes
Eric Pouech
eric.pouech at orange.fr
Sat Mar 19 10:58:27 CDT 2011
(covers #25920)
A+
---
dlls/dbghelp/dwarf.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/dlls/dbghelp/dwarf.c b/dlls/dbghelp/dwarf.c
index 1d5aa17..5596c45 100644
--- a/dlls/dbghelp/dwarf.c
+++ b/dlls/dbghelp/dwarf.c
@@ -2116,6 +2116,11 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
if (sections[section_line].address == IMAGE_NO_MAP)
return FALSE;
+ if (offset + 4 > sections[section_line].size)
+ {
+ WARN("out of bounds offset\n");
+ return FALSE;
+ }
traverse.data = sections[section_line].address + offset;
traverse.end_data = traverse.data + 4;
traverse.word_size = ctx->module->format_info[DFI_DWARF]->u.dwarf2_info->word_size;
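Review bot: The added bound `offset + 4 > sections[section_line].size` can wrap when `offset` is close to the top of its type's range, so a very large offset would pass the check and `traverse.data` would still point outside the section. The same holds for `offset + 4 + length` in the second hunk, where `length` is read from the file. The declarations of `offset` and `length` are outside the hunk, so their width is inferred, but a subtraction form is safe either way: `if (offset > sections[section_line].size || sections[section_line].size - offset < 4)` here, and `if (length > sections[section_line].size - offset - 4)` in the second hunk. The body of dwarf2_parse_line_numbers starts and ends outside both hunks.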
@@ -2123,6 +2128,11 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
length = dwarf2_parse_u4(&traverse);
traverse.end_data = sections[section_line].address + offset + length;
+ if (offset + 4 + length > sections[section_line].size)
+ {
+ WARN("out of bounds header\n");
+ return FALSE;
+ }
version = dwarf2_parse_u2(&traverse);
header_len = dwarf2_parse_u4(&traverse);
insn_size = dwarf2_parse_byte(&traverse);
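Review bot: The new check bounds the unit against the section but not against its own fixed header, so a small `length` (zero, for instance) at the end of the section still passes and the `version`, `header_len` and `insn_size` reads that follow can run past the section. Whether `dwarf2_parse_u2`/`dwarf2_parse_u4` stop at `traverse.end_data` is not visible in this hunk, so it is worth rejecting a `length` smaller than the fixed header fields before parsing them. The check would also read better placed before the `traverse.end_data = ...` assignment, so the pointer is only formed once it is validated. That assignment uses `offset + length` while the check uses `offset + 4 + length`; a short comment such as `/* length does not include the 4-byte length field itself */` would say which end is intended.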