From a05f9e4bcef7848bb6e06b8dd76bd61809f176b0 Mon Sep 17 00:00:00 2001
From: Marcus Holland-Moritz
Date: Thu, 17 Dec 2020 21:38:44 +0100
Subject: [PATCH] Detect length field overflow in section header
---
 src/dwarfs/fs_section.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/dwarfs/fs_section.cpp b/src/dwarfs/fs_section.cpp
index f6c2fa22..16d08edb 100644
--- a/src/dwarfs/fs_section.cpp
+++ b/src/dwarfs/fs_section.cpp
@@ -108,7 +108,13 @@ void read_section_header_common(T& header, size_t& start, mmif& mm,
   offset += sizeof(T);
-  if (offset + header.length > mm.size()) {
+  auto end = offset + header.length;
+
+  if (end < offset) {
+    DWARFS_THROW(runtime_error, "offset/length overflow");
+  }
+
+  if (end > mm.size()) {
     DWARFS_THROW(runtime_error, "truncated section data");
   }