Signed-off-by: Mark Wielaard <[email protected]> --- src/ChangeLog | 5 +++++ src/readelf.c | 11 +++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog index 0ae7e46..cc6bf13 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,10 @@ 2014-12-11 Mark Wielaard <[email protected]> + * readelf.c (print_debug_exception_table): Check TType base offset + and Action table are sane. + +2014-12-11 Mark Wielaard <[email protected]> + * readelf.c (print_debug_frame_section): Check number of augmentation chars to print. diff --git a/src/readelf.c b/src/readelf.c index 31a0e0a..fb0440d 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -7710,7 +7710,8 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)), unsigned int ttype_base_offset; get_uleb128 (ttype_base_offset, readp); printf (" TType base offset: %#x\n", ttype_base_offset); - ttype_base = readp + ttype_base_offset; + if (dataend - readp > ttype_base_offset) + ttype_base = readp + ttype_base_offset; } if (unlikely (readp + 1 > dataend)) @@ -7757,6 +7758,12 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)), { puts ("\n Action table:"); + if (dataend - action_table < max_action + 1) + { + fputs (gettext (" <INVALID DATA>\n"), stdout); + return; + } + const unsigned char *const action_table_end = action_table + max_action + 1; @@ -7784,7 +7791,7 @@ print_debug_exception_table (Dwfl_Module *dwflmod __attribute__ ((unused)), while (readp < action_table_end); } - if (max_ar_filter > 0) + if (max_ar_filter > 0 && ttype_base != NULL) { puts ("\n TType table:"); -- 1.8.3.1
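Review bot: The added bound check `dataend - readp > ttype_base_offset` in the @@ -7710 hunk compares a signed pointer difference with an `unsigned int`. On targets where ptrdiff_t is no wider than unsigned int, the comparison is done unsigned, so a negative difference would pass and ttype_base would be set from an out-of-range offset. That needs readp to be past dataend already, which depends on whether get_uleb128 bounds its read; that is not visible here. Guarding the order first and making the conversion explicit removes the ambiguity: `if (readp < dataend && (size_t) (dataend - readp) > ttype_base_offset)`. The Action table check in the @@ -7757 hunk has the same mixed signed/unsigned comparison, and the enclosing function starts and ends outside this hunk.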
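Review bot: In the @@ -7757 hunk, `max_action + 1` in the added check can wrap to 0 if max_action is an unsigned type holding its maximum value (its declaration is outside the hunk). The check would then pass, while `action_table + max_action + 1` just below is evaluated as pointer arithmetic and still ends far beyond dataend. Writing the test without the addition avoids the wrap and rejects the same inputs: `if (action_table >= dataend || max_action >= (size_t) (dataend - action_table))`. Since max_action is presumably derived from the file being dumped, the check should hold for every value that type can take.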
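Review bot: With `ttype_base != NULL` added to the condition in the @@ -7784 hunk, a rejected TType base offset makes the TType table silently disappear from the output, whereas the Action table path in the previous hunk prints `<INVALID DATA>`. An `else if (max_ar_filter > 0)` branch emitting the same message would let someone triaging a malformed or truncated file see that data was rejected. The guard also relies on ttype_base being initialised to NULL before the conditional assignment in the first hunk, and that hunk checks only the upper bound of the offset. The initialisation and the table-reading loop are both outside the visible hunks, so it is worth confirming that entries addressed relative to ttype_base cannot fall outside the section data.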
