diff options
Diffstat (limited to 'runtime/unwind.c')
| -rw-r--r-- | runtime/unwind.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/runtime/unwind.c b/runtime/unwind.c index 0b4e6a9e..0e95ba08 100644 --- a/runtime/unwind.c +++ b/runtime/unwind.c @@ -677,6 +677,12 @@ static int unwind_frame(struct unwind_frame_info *frame, state.cieEnd = ptr; /* keep here temporarily */ ptr = (const u8 *)(cie + 2); end = (const u8 *)(cie + 1) + *cie; + + /* end should fall within unwind table. */ + if (((void *)end) < table + || ((void *)end) > ((void *)(table + table_len))) + goto err; + frame->call_frame = 1; if ((state.version = *ptr) != 1) { dbug_unwind(1, "CIE version number is %d. 1 is supported.\n", state.version); @@ -734,6 +740,11 @@ static int unwind_frame(struct unwind_frame_info *frame, state.cieEnd = end; end = (const u8 *)(fde + 1) + *fde; + /* end should fall within unwind table. */ + if (((void*)end) < table + || ((void *)end) > ((void *)(table + table_len))) + goto err; + /* skip augmentation */ if (((const char *)(cie + 2))[1] == 'z') { uleb128_t augSize = get_uleb128(&ptr, end); |