Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in

libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

Gbp-Pq: Topic external/libunwind
Gbp-Pq: Name 20150704-CVE-2015-3239_dwarf_i.h.patch

diff --git a/external/libunwind/include/dwarf_i.h b/external/libunwind/include/dwarf_i.h
index 0e728457eb64d651ad520598b1270e946dae005c..86dcdb8eb7e76f076bf5b46dbcd6e7b358e1f133 100644 (file)
--- a/external/libunwind/include/dwarf_i.h
+++ b/external/libunwind/include/dwarf_i.h
@@ -20,7 +20,7 @@
 extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
 /* REG is evaluated multiple times; it better be side-effects free!  */
 # define dwarf_to_unw_regnum(reg)                                        \
-  (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+  (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
 #endif
 
 #ifdef UNW_LOCAL_ONLY