This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: [PATCH 1/2 v2] Don't overflow in __libdw_in_section
- From: Mark Wielaard <mark at klomp dot org>
- To: Ulf Hermann <ulf dot hermann at qt dot io>, elfutils-devel at sourceware dot org
- Date: Thu, 14 Dec 2017 14:43:41 +0100
- Subject: Re: [PATCH 1/2 v2] Don't overflow in __libdw_in_section
- Authentication-results: sourceware.org; auth=none
- References: <5ae489eb-3981-24b4-294a-734b1c52731d@qt.io>
Hi Ulf,
(Meta, I have some trouble applying this with git am, it thinks the
patch is malformed. But I can apply by hand of course.)
On Fri, 2017-12-08 at 16:05 +0100, Ulf Hermann wrote:
>
> +2017-05-09 Ulf Hermann <ulf.hermann@qt.io>
> +
> + * libdwP.h: Fix check for the upper border of the range in
> __libdw_in_section.
> +
> 2017-11-03 Mark Wielaard <mark@klomp.org>
> * dwarf_getlocation.c (__libdw_intern_expression): Handle
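Review bot: The ChangeLog entry is dated 2017-05-09 but is inserted above the 2017-11-03 entry; it should carry the date the change is committed so the file stays in reverse-chronological order. As quoted, the wrapped continuation line `__libdw_in_section.` (and `size))` in the libdwP.h hunk) has no leading `+`, which would explain `git am` treating the patch as malformed; resending with long lines left unwrapped avoids hand-applying.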
> diff --git a/libdw/libdwP.h b/libdw/libdwP.h
> index 78c0013..e092d8e 100644
> --- a/libdw/libdwP.h
> +++ b/libdw/libdwP.h
> @@ -643,7 +643,8 @@ __libdw_in_section (Dwarf *dbg, int sec_index,
> if (data == NULL)
> return false;
> if (unlikely (addr < data->d_buf)
> - || unlikely (data->d_size - (addr - data->d_buf) < size))
> + || unlikely (data->d_size < size)
> + || unlikely ((size_t)(addr - data->d_buf) > data->d_size -
> size))
> {
> __libdw_seterrno (DWARF_E_INVALID_OFFSET);
> return false;
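Review bot: The rewritten condition is only wrap-free because of its evaluation order, and nothing in the hunk records that: `addr < data->d_buf` fails first, so the later `(size_t)(addr - data->d_buf)` converts a non-negative ptrdiff_t; `data->d_size < size` fails second, so `data->d_size - size` cannot underflow. A one-line comment above the `if` stating that the three tests must stay in this order would keep a later cleanup from folding them back into the single subtraction that the old form used, where `addr - data->d_buf` larger than `d_size` wrapped and let an out-of-range address through.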
The transformation seems correct. But if we can overflow/underflow
here, do we have the same problem in __libdw_offset_in_section where we
check data->d_size - offset < size, with offset a Dwarf_Off?
Thanks,
Mark
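As an added illustration, not code from the patch or from elfutils: the old and new forms of the range check side by side, on a stand-in struct that carries only the d_buf and d_size fields the check reads, together with the offset-based analogue of the check Mark asks about. The backing buffer, section size and addresses are constructed so the out-of-range case stays within a real array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the Elf_Data fields the check uses (assumption: only
   d_buf and d_size matter for this comparison). */
typedef struct { unsigned char *d_buf; size_t d_size; } Data;

/* Pre-patch form: if addr is past the end, addr - d_buf exceeds d_size,
   the size_t subtraction wraps to a huge value, "< size" is false, and
   the out-of-range address is accepted. */
bool in_section_unsafe (const Data *data, const unsigned char *addr, size_t size)
{
  if (addr < data->d_buf)
    return false;
  return !(data->d_size - (size_t)(addr - data->d_buf) < size);
}

/* Patched form: reject size > d_size first so d_size - size cannot wrap,
   then compare the (now non-negative) offset against that bound. */
bool in_section_safe (const Data *data, const unsigned char *addr, size_t size)
{
  if (addr < data->d_buf)
    return false;
  if (data->d_size < size)
    return false;
  return (size_t)(addr - data->d_buf) <= data->d_size - size;
}

/* Offset variant (constructed analogue of "d_size - offset < size" with an
   unsigned 64-bit offset): the same wrap occurs when offset > d_size. */
bool offset_in_section_unsafe (const Data *data, uint64_t offset, size_t size)
{
  return !(data->d_size - offset < size);
}

bool offset_in_section_safe (const Data *data, uint64_t offset, size_t size)
{
  return data->d_size >= size && offset <= data->d_size - size;
}

/* Constructed sample: a 256-byte backing array of which 64 bytes form the
   "section", so an address at offset 100 is out of range but still a
   valid pointer into the array. */
unsigned char backing[256];
Data sample = { backing, 64 };

int main (void)
{
  printf ("old check accepts offset 100 of 64: %d\n", in_section_unsafe (&sample, backing + 100, 8));
  printf ("new check accepts offset 100 of 64: %d\n", in_section_safe (&sample, backing + 100, 8));
  return 0;
}
```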