dbghelp/dwarf: Validate that a string is in the section boundary before using it.

Signed-off-by: Eric Pouech <eric.pouech@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

dbghelp/dwarf: Validate that a string is in the section boundary before using it.
3111daa2 · Eric Pouech · Alexandre Julliard · 23f0ebbc · 3111daa2
Commit 3111daa2 authored Sep 11, 2021 by Eric Pouech Committed by Alexandre Julliard Sep 14, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

dwarf.c dlls/dbghelp/dwarf.c +13 -3

No files found.
--- a/dlls/dbghelp/dwarf.c
+++ b/dlls/dbghelp/dwarf.c
@@ -601,9 +601,19 @@ static BOOL dwarf2_fill_attr(const dwarf2_parse_context_t* ctx,
        break;

    case DW_FORM_strp:
-        attr->u.string = (const char*)ctx->sections[section_string].address +
-            dwarf2_get_addr(data, ctx->head.offset_size);
-        TRACE("strp<%s>\n", debugstr_a(attr->u.string));
+        {
+            ULONG_PTR ofs = dwarf2_get_addr(data, ctx->head.offset_size);
+            if (ofs >= ctx->sections[section_string].size)
+            {
+                ERR("Out of bounds string offset (%08lx)\n", ofs);
+                attr->u.string = "<<outofbounds-strp>>";
+            }
+            else
+            {
+                attr->u.string = (const char*)ctx->sections[section_string].address + ofs;
+                TRACE("strp<%s>\n", debugstr_a(attr->u.string));
+            }
+        }
        break;

    case DW_FORM_block: