1From 1bd9deb9aa19ac2e2fa9665009e0d5924adcf4d3 Mon Sep 17 00:00:00 2001
2From: Aleksei Vetrov <vvvvvv@google.com>
3Date: Thu, 16 Nov 2023 21:29:22 +0000
4Subject: [PATCH] libdw: check offset dwarf_formstring in all cases
5
6This check was initially added to test if offset overflows the safe
7prefix where any string will be null-terminated. However the check
8was placed in a wrong place and didn't cover all `attrp->form` cases.
9
10 * libdw/dwarf_formstring.c (dwarf_formstring): Move offset check
11 right before returning the result.
12
13Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
14
15diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c
16index 0ee42411..65f03a5e 100644
17--- a/libdw/dwarf_formstring.c
18+++ b/libdw/dwarf_formstring.c
19@@ -173,11 +173,11 @@ dwarf_formstring (Dwarf_Attribute *attrp)
20 off = read_4ubyte_unaligned (dbg, datap);
21 else
22 off = read_8ubyte_unaligned (dbg, datap);
23-
24- if (off >= data_size)
25- goto invalid_offset;
26 }
27
28+ if (off >= data_size)
29+ goto invalid_offset;
30+
31 return (const char *) data->d_buf + off;
32 }
33 INTDEF(dwarf_formstring)
34--
352.43.0.rc1.413.gea7ed67945-goog
36
37
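Review bot: The relocated `if (off >= data_size)` reads as a plain buffer-bounds test, while the commit message says `data_size` marks a prefix in which every string is NUL-terminated; that invariant is established where `data_size` is computed, outside this hunk, and is not visible at the check itself. A one-line comment above the check would keep the two in sync: `/* data_size bounds the prefix in which every string is NUL-terminated, so any off below it yields a terminated string.  */`. The branches that assign `off` for the other `attrp->form` cases also lie above the hunk, so I could not confirm from here that every path reaching the `return` passes through this check rather than returning earlier. dwarf_formstring's body begins outside the hunk.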