Hi Aleksei,

On Thu, 2023-11-16 at 21:29 +0000, vvv...@google.com wrote:
> This check was initially added to test if offset overflows the safe
> prefix where any string will be null-terminated. However the check
> was placed in the wrong place and didn't cover all `attrp->form` cases.
>
> * libdw/dwarf_formstring.c (dwarf_formstring): Move offset check
> right before returning the result.
Oops. I see how this happened for DW_FORM_strp and DW_FORM_line_strp we use __libdw_read_offset which already check the section offset. But of course those use d_size, not the string_section_size that was setup in elf_begin_elf. So the check is also needed for them. > Signed-off-by: Aleksei Vetrov <vvv...@google.com> > --- > libdw/dwarf_formstring.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c > index 0ee42411..65f03a5e 100644 > --- a/libdw/dwarf_formstring.c > +++ b/libdw/dwarf_formstring.c > @@ -173,11 +173,11 @@ dwarf_formstring (Dwarf_Attribute *attrp) > off = read_4ubyte_unaligned (dbg, datap); > else > off = read_8ubyte_unaligned (dbg, datap); > - > - if (off >= data_size) > - goto invalid_offset; > } > > + if (off >= data_size) > + goto invalid_offset; > + > return (const char *) data->d_buf + off; > } > INTDEF(dwarf_formstring) Applied. Thanks, Mark
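Review bot: the relocated `if (off >= data_size) goto invalid_offset;` now sits directly above `return (const char *) data->d_buf + off;`, the only consumer of `off`, so every `attrp->form` path is bounded by the same check rather than only the branch that read `off` with `read_4ubyte_unaligned`/`read_8ubyte_unaligned`; that is the right place for it. Since, as the reply notes, the DW_FORM_strp and DW_FORM_line_strp paths already go through `__libdw_read_offset`, which bounds against the section's `d_size` rather than the string section size set up in `elf_begin_elf`, a one-line comment above the moved check stating that `data_size` is the null-terminated safe prefix from the commit message would stop a later reader from dropping it as redundant with that earlier check. The removed blank line inside the closing brace is fine as-is.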