aboutsummaryrefslogtreecommitdiff
path: root/libctf
diff options
context:
space:
mode:
Diffstat (limited to 'libctf')
-rw-r--r--libctf/ChangeLog6
-rw-r--r--libctf/ctf-lookup.c10
2 files changed, 13 insertions, 3 deletions
diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index 32268f8..c5d52f2 100644
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,5 +1,11 @@
2021-03-25 Nick Alcock <nick.alcock@oracle.com>
+ PR libctf/27628
+ * ctf-lookup.c (isqualifier): Don't dereference out-of-bounds
+ qhash values.
+
+2021-03-25 Nick Alcock <nick.alcock@oracle.com>
+
* ctf-open-bfd.c (ctf_bfdopen_ctfsect): Initialize debugging.
2021-03-25 Nick Alcock <nick.alcock@oracle.com>
diff --git a/libctf/ctf-lookup.c b/libctf/ctf-lookup.c
index 9d1e6d8..fe66bc4 100644
--- a/libctf/ctf-lookup.c
+++ b/libctf/ctf-lookup.c
@@ -111,10 +111,14 @@ isqualifier (const char *s, size_t len)
};
int h = s[len - 1] + (int) len - 105;
- const struct qual *qp = &qhash[h];
+ const struct qual *qp;
- return (h >= 0 && (size_t) h < sizeof (qhash) / sizeof (qhash[0])
- && (size_t) len == qp->q_len &&
+ if (h < 0 || (size_t) h >= sizeof (qhash) / sizeof (qhash[0]))
+ return 0;
+
+ qp = &qhash[h];
+
+ return ((size_t) len == qp->q_len &&
strncmp (qp->q_name, s, qp->q_len) == 0);
}