From 59ca97b7df413588d6b004783d5d922ed1fded02 Mon Sep 17 00:00:00 2001
From: Sharad Boni
Date: Wed, 15 Apr 2026 15:32:10 -0700
Subject: [PATCH 1/2] Fix heap-buffer-overflow in DWARF v5 line info parser
Add bounds check for directory_index in the DWARF v5 file name parsing path, matching the existing validation in the DWARF v4 path. Without this check, a crafted ELF with an out-of-range directory_index causes an out-of-bounds read in GetExpandedFilename().
---
 src/dwarf/line_info.cc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/dwarf/line_info.cc b/src/dwarf/line_info.cc
index 1b83e5e6..a3630dbc 100644
--- a/src/dwarf/line_info.cc
+++ b/src/dwarf/line_info.cc
@@ -264,6 +264,9 @@ void LineInfoReader::SeekToOffset(uint64_t offset, uint8_t address_size) {
 }
 }
 }
+ if (file_name.directory_index >= include_directories_.size()) {
+ THROW("directory index out of range");
+ }
 filenames_.push_back(file_name);
 }
 }
From e5c279647f1d0d11a6a1ff41a804560fcec21275 Mon Sep 17 00:00:00 2001
From: Sharad Boni
Date: Wed, 15 Apr 2026 15:51:38 -0700
Subject: [PATCH 2/2] Retrigger CI checks
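Review bot: The new guard before `filenames_.push_back(file_name);` tests whatever `file_name.directory_index` holds once the entry-format loop has finished, so for an entry format that carries no directory-index field the result depends on how `file_name` is initialised, which is outside this hunk. If it is not value-initialised at its declaration, the comparison reads an indeterminate value and the check gives no guarantee; value-initialising it there would make the guard deterministic. The check also relies on `include_directories_` being fully populated before the file entries are parsed, which is likely for a v5 header but is not visible here and deserves a one-line comment such as `// include_directories_ is complete at this point; reject indices GetExpandedFilename() would read past`. The diffstat shows only `line_info.cc` changed, so a regression input with an out-of-range index in the test or fuzz corpus would keep the v4 and v5 checks from diverging again. SeekToOffset's body starts and ends outside the hunk.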