From f29f609a20e9a979006a3f2b310573845ed4f03b Mon Sep 17 00:00:00 2001
From: wargio
Date: Tue, 23 Aug 2022 01:01:04 +0200
Subject: [PATCH] fix #2971 - null deref dwarf_process.c
---
 librz/analysis/dwarf_process.c | 6 ++++--
 librz/bin/dwarf.c | 4 ++--
 librz/include/rz_bin_dwarf.h | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/librz/analysis/dwarf_process.c b/librz/analysis/dwarf_process.c
index 8bc09743c97..73f242e17eb 100644
--- a/librz/analysis/dwarf_process.c
+++ b/librz/analysis/dwarf_process.c
@@ -1239,13 +1239,15 @@ static st32 parse_function_args_and_vars(Context *ctx, ut64 idx, RzStrBuf *args,
 const RzBinDwarfAttrValue *val = &child_die->attr_values[i];
 switch (val->attr_name) {
 case DW_AT_name:
- if (!get_linkage_name || !has_linkage_name) {
+ if ((!get_linkage_name || !has_linkage_name) && val->kind == DW_AT_KIND_STRING) {
 name = val->string.content;
 }
 break;
 case DW_AT_linkage_name:
 case DW_AT_MIPS_linkage_name:
- name = val->string.content;
+ if (val->kind == DW_AT_KIND_STRING) {
+ name = val->string.content;
+ }
 has_linkage_name = true;
 break;
 case DW_AT_type:
diff --git a/librz/bin/dwarf.c b/librz/bin/dwarf.c
index 5162ee01e0a..5b3aac85b69 100644
--- a/librz/bin/dwarf.c
+++ b/librz/bin/dwarf.c
@@ -1215,7 +1215,7 @@ static int init_die(RzBinDwarfDie *die, ut64 abbr_code, ut64 attr_count) {
 return -1;
 }
 if (attr_count) {
- die->attr_values = calloc(sizeof(RzBinDwarfAttrValue), attr_count);
+ die->attr_values = RZ_NEWS0(RzBinDwarfAttrValue, attr_count);
 if (!die->attr_values) {
 return -1;
 }
@@ -1725,7 +1725,7 @@ static const ut8 *parse_die(const ut8 *buf, const ut8 *buf_end, RzBinDwarfDebugI
 const char *comp_dir = NULL;
 ut64 line_info_offset = UT64_MAX;
 if (abbrev->count) {
- for (i = 0; i < abbrev->count - 1; i++) {
+ for (i = 0; i < abbrev->count - 1 && die->count < die->capacity; i++) {
 memset(&die->attr_values[i], 0, sizeof(die->attr_values[i]));
 buf = parse_attr_value(buf, buf_end - buf, &abbrev->defs[i],
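Review bot: In the DW_AT_linkage_name / DW_AT_MIPS_linkage_name case, `has_linkage_name = true;` is still set when the attribute is not a string form, so a non-string linkage attribute that precedes DW_AT_name suppresses the DW_AT_name fallback (when get_linkage_name is set) and leaves `name` unset. Moving the flag inside the new guard keeps the fallback alive: `if (val->kind == DW_AT_KIND_STRING) { name = val->string.content; has_linkage_name = true; }`. Whether `val->string.content` can still be NULL for a string-kind attribute (for example an unresolved string-section offset) is not visible here; if it can, the consumer of `name` needs its own NULL check. parse_function_args_and_vars continues outside the hunk on both sides, so how a NULL `name` is consumed cannot be confirmed from this diff.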
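Review bot: The `die->count < die->capacity` bound that the parse_die hunk later in this file adds is only meaningful if `die->capacity` is set from `attr_count` right after this allocation, and neither hunk shows that assignment; please confirm it is there (or add `die->capacity = attr_count;` after the NULL check), since `attr_count` comes from the abbreviation table of the analysed binary and is untrusted. The calloc → RZ_NEWS0 swap is fine if the macro expands to a calloc-style, overflow-checked allocation; if it is a plain malloc-based multiply, a large ut64 attr_count could wrap on 32-bit targets. A comment such as `/* capacity must track attr_count: parse_die bounds attr_values[] by it */` would make the coupling explicit. When the new loop bound stops early, the remaining attributes of the abbreviation are not consumed from `buf`, so the parse position may drift for the next DIE; the rest of that loop is cut off in this diff, so I cannot tell whether the caller resynchronises. init_die's body extends beyond the hunk on both sides.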
diff --git a/librz/include/rz_bin_dwarf.h b/librz/include/rz_bin_dwarf.h
index f99a8dd7a90..7e2fe551d24 100644
--- a/librz/include/rz_bin_dwarf.h
+++ b/librz/include/rz_bin_dwarf.h
@@ -679,8 +679,8 @@ typedef struct {
 } RzBinDwarfAttrDef;
 typedef struct {
- ut64 length;
 ut8 *data;
+ ut64 length;
 } RzBinDwarfBlock;
 // http://www.dwarfstd.org/doc/DWARF4.pdf#page=29&zoom=100,0,0
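Review bot: Moving `ut8 *data;` ahead of `ut64 length;` in RzBinDwarfBlock changes the layout of a public header type without a comment saying why; from this diff alone it reads as cosmetic and is likely to be undone by the next cleanup. If the order is load-bearing — e.g. `data` must sit at the same offset as another pointer member of the attribute-value union, which this diff cannot confirm — record it on the field: `ut8 *data; /* keep first: offset must match the string member's content pointer */`. Any positional initializer or offsetof-based code elsewhere that assumed `{length, data}` should be re-checked, since the diff cannot show those sites.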