Description: Fix CVE-2017-9052 and CVE-2017-9055
Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
Bug: https://www.prevanders.net/dwarfbug.html#DW201703-006
Bug-Debian: https://bugs.debian.org/864064
Last-Update: 2017-07-08
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/libdwarf/dwarf_form.c
+++ b/libdwarf/dwarf_form.c
@@ -934,6 +934,10 @@
     switch (attr->ar_attribute_form) {
 
     case DW_FORM_data1:
+        if (attr->ar_debug_ptr >= section_end) {
+            _dwarf_error(dbg, error, DW_DLE_DIE_BAD);
+            return DW_DLV_ERROR;
+        }
         *return_sval = (*(Dwarf_Sbyte *) attr->ar_debug_ptr);
         return DW_DLV_OK;
 
--- a/libdwarf/dwarf_query.c
+++ b/libdwarf/dwarf_query.c
@@ -377,7 +377,7 @@
             }
             if (_dwarf_reference_outside_section(die,
                 (Dwarf_Small*) info_ptr,
-                (Dwarf_Small*) info_ptr)) {
+                ((Dwarf_Small*) info_ptr)+1)) {
                 _dwarf_error(dbg, error,DW_DLE_ATTR_OUTSIDE_SECTION);
                 return DW_DLV_ERROR;
             }