diff options
Diffstat (limited to 'libctf')
-rw-r--r-- | libctf/ChangeLog | 6 | ||||
-rw-r--r-- | libctf/ctf-lookup.c | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/libctf/ChangeLog b/libctf/ChangeLog index 32268f8..c5d52f2 100644 --- a/libctf/ChangeLog +++ b/libctf/ChangeLog @@ -1,5 +1,11 @@ 2021-03-25 Nick Alcock <nick.alcock@oracle.com> + PR libctf/27628 + * ctf-lookup.c (isqualifier): Don't dereference out-of-bounds + qhash values. + +2021-03-25 Nick Alcock <nick.alcock@oracle.com> + * ctf-open-bfd.c (ctf_bfdopen_ctfsect): Initialize debugging. 2021-03-25 Nick Alcock <nick.alcock@oracle.com> diff --git a/libctf/ctf-lookup.c b/libctf/ctf-lookup.c index 9d1e6d8..fe66bc4 100644 --- a/libctf/ctf-lookup.c +++ b/libctf/ctf-lookup.c @@ -111,10 +111,14 @@ isqualifier (const char *s, size_t len) }; int h = s[len - 1] + (int) len - 105; - const struct qual *qp = &qhash[h]; + const struct qual *qp; - return (h >= 0 && (size_t) h < sizeof (qhash) / sizeof (qhash[0]) - && (size_t) len == qp->q_len && + if (h < 0 || (size_t) h >= sizeof (qhash) / sizeof (qhash[0])) + return 0; + + qp = &qhash[h]; + + return ((size_t) len == qp->q_len && strncmp (qp->q_name, s, qp->q_len) == 0); } |