=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ctfdump/ctfdump.c,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/usr.bin/ctfdump/ctfdump.c 2017/10/27 09:22:20 1.13 --- src/usr.bin/ctfdump/ctfdump.c 2017/10/27 09:35:22 1.14 *************** *** 1,4 **** ! /* $OpenBSD: ctfdump.c,v 1.13 2017/10/27 09:22:20 mpi Exp $ */ /* * Copyright (c) 2016 Martin Pieuchot --- 1,4 ---- ! /* $OpenBSD: ctfdump.c,v 1.14 2017/10/27 09:35:22 mpi Exp $ */ /* * Copyright (c) 2016 Martin Pieuchot *************** *** 52,59 **** __dead void usage(void); int ctf_dump(const char *, size_t, uint8_t); ! uint32_t ctf_dump_type(struct ctf_header *, const char *, off_t, ! uint32_t, uint32_t); const char *ctf_kind2name(uint16_t); const char *ctf_enc2name(uint16_t); const char *ctf_fpenc2name(uint16_t); --- 52,59 ---- __dead void usage(void); int ctf_dump(const char *, size_t, uint8_t); ! void ctf_dump_type(struct ctf_header *, const char *, off_t, ! uint32_t, uint32_t *, uint32_t); const char *ctf_kind2name(uint16_t); const char *ctf_enc2name(uint16_t); const char *ctf_fpenc2name(uint16_t); *************** *** 381,389 **** if (flags & DUMP_TYPE) { uint32_t idx = 1, offset = cth->cth_typeoff; ! while (offset < cth->cth_stroff) { ! offset += ctf_dump_type(cth, data, dlen, offset, idx++); } printf("\n"); } --- 381,390 ---- if (flags & DUMP_TYPE) { uint32_t idx = 1, offset = cth->cth_typeoff; + uint32_t stroff = cth->cth_stroff; ! while (offset < stroff) { ! ctf_dump_type(cth, data, dlen, stroff, &offset, idx++); } printf("\n"); } *************** *** 412,422 **** return 0; } ! uint32_t ctf_dump_type(struct ctf_header *cth, const char *data, off_t dlen, ! uint32_t offset, uint32_t idx) { ! const char *p = data + offset; const struct ctf_type *ctt = (struct ctf_type *)p; const struct ctf_array *cta; uint16_t *argp, i, kind, vlen, root; --- 413,423 ---- return 0; } ! void ctf_dump_type(struct ctf_header *cth, const char *data, off_t dlen, ! uint32_t stroff, uint32_t *offset, uint32_t idx) { ! const char *p = data + *offset; const struct ctf_type *ctt = (struct ctf_type *)p; const struct ctf_array *cta; uint16_t *argp, i, kind, vlen, root; *************** *** 487,492 **** --- 488,496 ---- for (i = 0; i < vlen; i++) { struct ctf_member *ctm; + if (toff > (stroff - sizeof(*ctm))) + break; + ctm = (struct ctf_member *)(p + toff); toff += sizeof(struct ctf_member); *************** *** 499,504 **** --- 503,511 ---- for (i = 0; i < vlen; i++) { struct ctf_lmember *ctlm; + if (toff > (stroff - sizeof(*ctlm))) + break; + ctlm = (struct ctf_lmember *)(p + toff); toff += sizeof(struct ctf_lmember); *************** *** 514,519 **** --- 521,529 ---- for (i = 0; i < vlen; i++) { struct ctf_enum *cte; + if (toff > (stroff - sizeof(*cte))) + break; + cte = (struct ctf_enum *)(p + toff); toff += sizeof(struct ctf_enum); *************** *** 530,541 **** printf(" refers to %u", ctt->ctt_type); break; default: ! errx(1, "incorrect type %u at offset %u", kind, offset); } printf("\n"); ! return toff; } const char * --- 540,551 ---- printf(" refers to %u", ctt->ctt_type); break; default: ! errx(1, "incorrect type %u at offset %u", kind, *offset); } printf("\n"); ! *offset += toff; } const char *