From a17c2c0917901ffa542ac4d3e327d46742219e04 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Tue, 22 Jan 2019 15:55:18 +0100
Subject: readelf: Don't go past end of line data reading unknown opcode parameters.

https://sourceware.org/bugzilla/show_bug.cgi?id=24116

Signed-off-by: Mark Wielaard
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 4ad12a96..0ea106c5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2019-01-22 Mark Wielaard
+
+ * readelf.c (print_debug_line_section): Check we are not at end of
+ line data when reading parameters for unknown opcodes.
+
 2019-01-20 Mark Wielaard

 * readelf.c (print_debug_line_section): Check terminating NUL byte
diff --git a/src/readelf.c b/src/readelf.c
index 6bad3bfe..e3e699c4 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -8845,7 +8845,8 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
 " unknown opcode with %" PRIu8 " parameters:",
 standard_opcode_lengths[opcode]),
 standard_opcode_lengths[opcode]);
- for (int n = standard_opcode_lengths[opcode]; n > 0; --n)
+ for (int n = standard_opcode_lengths[opcode];
+ n > 0 && linep < lineendp; --n)
 {
 get_uleb128 (u128, linep, lineendp);
 if (n != standard_opcode_lengths[opcode])
-- 
cgit v1.2.3
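Review bot: When the new `linep < lineendp` condition ends the loop in the src/readelf.c hunk early, the dump has already announced `standard_opcode_lengths[opcode]` parameters and then prints fewer, with nothing telling the reader that the line program ran out of data. The opcode length table presumably comes from the object being inspected, so this path is reached by malformed or hostile files, which is exactly when the analyst needs the truncation to be visible. Consider declaring `n` before the `for` and reporting the shortfall after the loop, for example `if (n > 0) fputs (" <truncated>", stdout);`, or taking whatever invalid-data path print_debug_line_section already has, if any. A short comment on the loop condition would also help, such as `/* Parameter count is file-supplied; stop when the line data is exhausted. */`. The loop body and the rest of the function continue outside the hunk, so the placement of the check needs confirming against the full source.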