Index: coregrind/m_debuginfo/readdwarf.c
===================================================================
--- valgrind/coregrind/m_debuginfo/readdwarf.c (revision 12871)
+++ valgrind/coregrind/m_debuginfo/readdwarf.c (working copy)
@@ -945,11 +945,11 @@
/* Return abbrev for given code
* Returned pointer points to the tag
* */
-static UChar* lookup_abbrev( UChar* p, UInt acode )
+static UChar* lookup_abbrev( UChar* p, UInt acode, UChar* end_img )
{
UInt code;
UInt name;
- for( ; ; ) {
+ while( p < end_img ) {
code = read_leb128U( &p );
if ( code == acode )
return p;
@@ -959,7 +959,7 @@
name = read_leb128U( &p ); /* name */
read_leb128U( &p ); /* form */
}
- while( name != 0 ); /* until name == form == 0 */
+ while( name != 0 && p < end_img ); /* until name == form == 0 */
}
return NULL;
}
@@ -985,6 +985,7 @@
void read_unitinfo_dwarf2( /*OUT*/UnitInfo* ui,
UChar* unitblock_img,
UChar* debugabbrev_img,
+ Word debug_abbv_sz,
UChar* debugstr_img,
UChar* debugstr_alt_img )
{
@@ -1046,7 +1047,12 @@
* not triggered since we shortcut the parsing once we have
* read the compile_unit block. This should only occur when
* level > 0 */
- abbrev_img = lookup_abbrev( debugabbrev_img + atoffs, acode );
+ abbrev_img = lookup_abbrev( debugabbrev_img + atoffs, acode,
+ debugabbrev_img + debug_abbv_sz );
+ if ( abbrev_img == NULL ) {
+ VG_(printf)( "### unknown abbrev 0x%x\n", acode );
+ break;
+ }
}
tag = read_leb128U( &abbrev_img );
@@ -1056,7 +1062,7 @@
level++;
/* And loop on entries */
- for ( ; ; ) {
+ while( p < end_img ) {
/* Read entry definition */
UInt name, form;
ULong cval = -1LL; /* Constant value read */
@@ -1221,4 +1227,4 @@
read_unitinfo_dwarf2( &ui, block_img,
- debug_abbv_img, debug_str_img,
+ debug_abbv_img, debug_abbv_sz, debug_str_img,
debug_str_alt_img );
if (0)
VG_(printf)( " => LINES=0x%llx NAME=%s DIR=%s\n",