From ebff1e8c9bf66411b29e05b457eb512155283c99 Mon Sep 17 00:00:00 2001
From: Eric Pouech
Date: Thu, 2 Sep 2021 11:22:56 +0200
Subject: [PATCH] dbghelp: Harden inspection of Dwarf line number information.

Signed-off-by: Eric Pouech
Signed-off-by: Alexandre Julliard
---
 dlls/dbghelp/dwarf.c | 7 ++++---
 dlls/dbghelp/source.c | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/dlls/dbghelp/dwarf.c b/dlls/dbghelp/dwarf.c
index 2f8a18cae8d..0479f7c7401 100644
--- a/dlls/dbghelp/dwarf.c
+++ b/dlls/dbghelp/dwarf.c
@@ -2190,6 +2190,7 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
 p = vector_add(&dirs, &ctx->pool);
 *p = compile_dir ? compile_dir : ".";
 while (*traverse.data)
+ while (traverse.data < traverse.end_data && *traverse.data)
 {
 const char* rel = (const char*)traverse.data;
 unsigned rellen = strlen(rel);
@@ -2205,7 +2206,7 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
 unsigned baselen = strlen(compile_dir);
 char* tmp = pool_alloc(&ctx->pool, baselen + 1 + rellen + 1);
 strcpy(tmp, compile_dir);
- if (tmp[baselen - 1] != '/') tmp[baselen++] = '/';
+ if (baselen && tmp[baselen - 1] != '/') tmp[baselen++] = '/';
 strcpy(&tmp[baselen], rel);
 *p = tmp;
 }
@@ -2214,7 +2215,7 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
 traverse.data++;
 vector_init(&files, sizeof(unsigned), 16);
- while (*traverse.data)
+ while (traverse.data < traverse.end_data && *traverse.data)
 {
 unsigned int dir_index, mod_time;
 const char* name;
@@ -2233,7 +2234,7 @@ static BOOL dwarf2_parse_line_numbers(const dwarf2_section_t* sections,
 }
 traverse.data++;
- while (traverse.data < traverse.end_data)
+ while (traverse.data < traverse.end_data && *traverse.data)
 {
 ULONG_PTR address = 0;
 unsigned file = 1;
diff --git a/dlls/dbghelp/source.c b/dlls/dbghelp/source.c
index 1844eec7838..a78e62a8661 100644
--- a/dlls/dbghelp/source.c
+++ b/dlls/dbghelp/source.c
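Review bot: The bounded loop is added underneath the old `while (*traverse.data)` instead of replacing it — the hunk header (6 old lines, 7 new) and the diffstat (4 insertions, 3 deletions for dwarf.c) both indicate the old line survives as context. The result is a nested loop: once the inner loop stops at `traverse.end_data`, the outer condition dereferences `traverse.end_data` itself, which is the out-of-bounds read this patch sets out to prevent, and if that byte happens to be non-zero the inner loop never re-enters and the function spins. The old line should carry a `-` marker so that `while (traverse.data < traverse.end_data && *traverse.data)` is the only loop head. The `strlen(rel)` two lines below is still unbounded, because the new check only guarantees that the first byte of `rel` lies inside the section; `strnlen(rel, traverse.end_data - traverse.data)` with a bail-out when no terminator is found would close that. dwarf2_parse_line_numbers starts and ends outside this hunk.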
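Review bot: The new guard in `if (baselen && tmp[baselen - 1] != '/')` deserves a one-line comment, since it is not obvious why `tmp[baselen - 1]` could otherwise index `tmp[-1]`: `/* compile_dir may be an empty string; then rel is used as-is */`. With `baselen == 0` the body now leaves `tmp` equal to `rel`, i.e. the relative path is kept unchanged rather than prefixed with `/`, which is presumably the intent but is worth stating next to the check. The identical guard is introduced in the `source_new` hunk of dlls/dbghelp/source.c (`bsz && tmp[bsz - 1] != '/'`) and would benefit from the same comment. Whether `compile_dir` can be NULL at the `strlen(compile_dir)` call is not visible here (the first hunk treats it as possibly NULL), so that call presumably sits under a NULL check outside this hunk.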
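Review bot: The `traverse.data++` that opens this hunk skips the terminator of the directory table, but the loop above it (first hunk) can now exit with `traverse.data == traverse.end_data` when no terminator is present, so the increment steps beyond the end of the section; the same applies to the `traverse.data++` at the start of the next hunk, after the file table loop. The later `traverse.data < traverse.end_data` tests still fail as intended, but forming a pointer more than one past the end is undefined behaviour in C. Making the skip conditional is enough: `if (traverse.data < traverse.end_data) traverse.data++;` in both places. dwarf2_parse_line_numbers continues outside this hunk.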
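Review bot: The `&& *traverse.data` added to this loop condition looks wrong for the line-number program itself: unlike the directory and file tables, the program is not NUL-terminated, and a zero byte is the `DW_LNS_extended_op` opcode that introduces `DW_LNE_set_address` and `DW_LNE_end_sequence`, so a sequence that begins with an extended opcode would end parsing early. That reading assumes this loop iterates program sequences, which the per-iteration `address = 0; file = 1;` reset suggests but the hunk does not show. The bound `traverse.data < traverse.end_data` that the old line already had is the right check here; only the directory and file table loops should test for a terminating zero. The loop body continues outside this hunk.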
@@ -78,7 +78,7 @@ unsigned source_new(struct module* module, const char* base, const char* name)
 if (!tmp) return ret;
 full = tmp;
 strcpy(tmp, base);
- if (tmp[bsz - 1] != '/') tmp[bsz++] = '/';
+ if (bsz && tmp[bsz - 1] != '/') tmp[bsz++] = '/';
 strcpy(&tmp[bsz], name);
 }
 rb_module = module;