From: Aleksei Vetrov <vvv...@google.com>

This check was initially added to test if offset overflows the safe prefix where any string will be null-terminated. However, the check was placed in the wrong place and didn't cover all `attrp->form` cases.
* libdw/dwarf_formstring.c (dwarf_formstring): Move offset check right before returning the result. Signed-off-by: Aleksei Vetrov <vvv...@google.com> --- libdw/dwarf_formstring.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c index 0ee42411..65f03a5e 100644 --- a/libdw/dwarf_formstring.c +++ b/libdw/dwarf_formstring.c @@ -173,11 +173,11 @@ dwarf_formstring (Dwarf_Attribute *attrp) off = read_4ubyte_unaligned (dbg, datap); else off = read_8ubyte_unaligned (dbg, datap); - - if (off >= data_size) - goto invalid_offset; } + if (off >= data_size) + goto invalid_offset; + return (const char *) data->d_buf + off; } INTDEF(dwarf_formstring) -- 2.43.0.rc1.413.gea7ed67945-goog
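Review bot: The commit message should name which `attrp->form` cases were previously unchecked, because the hunk only shows the `if (off >= data_size) goto invalid_offset;` check moving from inside the closing `}` of the inner block to just before `return (const char *) data->d_buf + off;`, and a reader cannot tell from the diff alone which other paths now reach it. Since the check becomes unconditional, it is also worth confirming in the message that `data` and `data_size` are set on every path that reaches the return, and that `data_size` is the "safe prefix" described in the description rather than the raw section size: `off >= data_size` only rejects offsets past that boundary, so the null-termination guarantee rests entirely on how `data_size` is computed earlier in the function. A regression test in `tests/` feeding an out-of-range string offset through one of the newly covered forms would make the fix verifiable.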