fix #2971 - null deref dwarf_process.c

librz/analysis/dwarf_process.c

@@ -1239,13 +1239,15 @@ static st32 parse_function_args_and_vars(Context *ctx, ut64 idx, RzStrBuf *args,
 					const RzBinDwarfAttrValue *val = &child_die->attr_values[i];
 					switch (val->attr_name) {
 					case DW_AT_name:
-						if (!get_linkage_name || !has_linkage_name) {
+						if ((!get_linkage_name || !has_linkage_name) && val->kind == DW_AT_KIND_STRING) {
 							name = val->string.content;
 						}
 						break;
 					case DW_AT_linkage_name:
 					case DW_AT_MIPS_linkage_name:
-						name = val->string.content;
+						if (val->kind == DW_AT_KIND_STRING) {
+							name = val->string.content;
+						}
 						has_linkage_name = true;
 						break;
 					case DW_AT_type:

librz/bin/dwarf.c

@@ -1215,7 +1215,7 @@ static int init_die(RzBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) {
 		return -1;
 	}
 	if (attr_count) {
-		die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
+		die->attr_values = RZ_NEWS0(RzBinDwarfAttrValue, attr_count);
 		if (!die->attr_values) {
 			return -1;
 		}
@@ -1725,7 +1725,7 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RzBinDwarfDebugI
 	const char *comp_dir = NULL;
 	ut64 line_info_offset = UT64_MAX;
 	if (abbrev->count) {
-		for (i = 0; i < abbrev->count - 1; i++) {
+		for (i = 0; i < abbrev->count - 1 && die->count < die->capacity; i++) {
 			memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
 
 			buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],

librz/include/rz_bin_dwarf.h

@@ -679,8 +679,8 @@ typedef struct {
 } RzBinDwarfAttrDef;
 
 typedef struct {
-	ut64 length;
 	ut8 *data;
+	ut64 length;
 } RzBinDwarfBlock;
 
 // http://www.dwarfstd.org/doc/DWARF4.pdf#page=29&zoom=100,0,0