From: Alan Modra <amodra@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] PR29370, infinite loop in display_debug_abbrev
Date: Thu, 21 Jul 2022 04:15:54 +0000 (GMT)	[thread overview]
Message-ID: <20220721041554.C2659385AE67@sourceware.org> (raw)

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff

commit 695c6dfe7e85006b98c8b746f3fd5f913c94ebff
Author: Alan Modra <amodra@gmail.com>
Date:   Thu Jul 21 09:56:15 2022 +0930

    PR29370, infinite loop in display_debug_abbrev
    
    The PR29370 testcase is a fuzzed object file with multiple
    .trace_abbrev sections.  Multiple .trace_abbrev or .debug_abbrev
    sections are not a violation of the DWARF standard.  The DWARF5
    standard even gives an example of multiple .debug_abbrev sections
    contained in groups.  Caching and lookup of processed abbrevs thus
    needs to be done by section and offset rather than base and offset.
    (Why base anyway?)  Or, since section contents are kept, by a pointer
    into the contents.
    
            PR 29370
            * dwarf.c (struct abbrev_list): Replace abbrev_base and
            abbrev_offset with raw field.
            (find_abbrev_list_by_abbrev_offset): Delete.
            (find_abbrev_list_by_raw_abbrev): New function.
            (process_abbrev_set): Set list->raw and list->next.
            (find_and_process_abbrev_set): Replace abbrev list lookup with
            new function.  Don't set list abbrev_base, abbrev_offset or next.

Diff:
---
 binutils/dwarf.c | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2fc352f74c5..99fb3566994 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -856,8 +856,7 @@ typedef struct abbrev_list
 {
   abbrev_entry *        first_abbrev;
   abbrev_entry *        last_abbrev;
-  dwarf_vma             abbrev_base;
-  dwarf_vma             abbrev_offset;
+  unsigned char *       raw;
   struct abbrev_list *  next;
   unsigned char *       start_of_next_abbrevs;
 }
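Review bot: The new `raw` field replaces two self-describing keys with a bare pointer and carries no comment saying what it points at or that it is the cache key, so a reader of `struct abbrev_list` has to go to `process_abbrev_set` to find out. I would document it where it is declared, e.g. `/* Address of this list's abbrevs inside the loaded section contents; used as the lookup key by find_abbrev_list_by_raw_abbrev.  */`. Since the key is an address into section contents, the comment is also the right place to say the entry is only meaningful while those contents remain loaded. The struct header line is inside the hunk, but the typedef name that closes it is not visible here.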
@@ -946,14 +945,12 @@ free_all_abbrevs (void)
 }
 
 static abbrev_list *
-find_abbrev_list_by_abbrev_offset (dwarf_vma abbrev_base,
-				   dwarf_vma abbrev_offset)
+find_abbrev_list_by_raw_abbrev (unsigned char *raw)
 {
   abbrev_list * list;
 
   for (list = abbrev_lists; list != NULL; list = list->next)
-    if (list->abbrev_base == abbrev_base
-	&& list->abbrev_offset == abbrev_offset)
+    if (list->raw == raw)
       return list;
 
   return NULL;
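Review bot: `find_abbrev_list_by_raw_abbrev` only compares `raw` against `list->raw` and never reads or writes through it, so the parameter can be `const unsigned char *raw`; the pointer comparison against the non-const field is still valid C and callers passing `unsigned char *` need no change. The function also has no header comment explaining that a match is by address within the loaded section contents rather than by DWARF offset, which is the whole point of the change; I would add `/* Return the cached abbrev list parsed from the abbrevs starting at RAW (an address inside a loaded section's contents), or NULL if none.  */` above it. With that comment the "(Why base anyway?)" question in the commit message is answered for the next reader.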
@@ -1040,6 +1037,7 @@ process_abbrev_set (struct dwarf_section *section,
   abbrev_list *list = xmalloc (sizeof (*list));
   list->first_abbrev = NULL;
   list->last_abbrev = NULL;
+  list->raw = start;
 
   while (start < end)
     {
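Review bot: `list->next` is no longer initialized on every path: the allocation at the top of `process_abbrev_set` sets `first_abbrev`, `last_abbrev` and now `raw`, but `next` is assigned only in the early-return branch of the following hunk, and the last hunk removes the assignment the caller used to make. The body of `process_abbrev_set` continues outside both hunks, so I cannot confirm whether any other path returns the list; if one does, the returned list has an indeterminate `next` and the chain walk in `find_abbrev_list_by_raw_abbrev` would read it. Initializing it with the other fields avoids having to reason about that: `list->raw = start;` followed by `list->next = NULL;` right after the `xmalloc`, which also makes the `list->next = NULL;` added in the next hunk redundant.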
@@ -1055,6 +1053,7 @@ process_abbrev_set (struct dwarf_section *section,
 	 the caller.  */
       if (start == end || entry == 0)
 	{
+	  list->next = NULL;
 	  list->start_of_next_abbrevs = start != end ? start : NULL;
 	  return list;
 	}
@@ -1144,16 +1143,10 @@ find_and_process_abbrev_set (struct dwarf_section *section,
   unsigned char *end = section->start + abbrev_base + abbrev_size;
   abbrev_list *list = NULL;
   if (free_list)
-    list = find_abbrev_list_by_abbrev_offset (abbrev_base, abbrev_offset);
+    list = find_abbrev_list_by_raw_abbrev (start);
   if (list == NULL)
     {
       list = process_abbrev_set (section, start, end);
-      if (list)
-	{
-	  list->abbrev_base = abbrev_base;
-	  list->abbrev_offset = abbrev_offset;
-	  list->next = NULL;
-	}
       if (free_list)
 	*free_list = list;
     }
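Review bot: Cache hits now depend on the identity of `start`, which is computed from `section->start` plus offsets on the lines above the hunk, so a cached list stays valid only while the section contents it was parsed from remain allocated at that address; the lookup itself carries no comment about that. If the contents are freed and later reloaded into a buffer that happens to land at the same address without `free_all_abbrevs` running in between — I cannot see from these hunks whether the free path guarantees that — the lookup would hand back a list built from the old bytes. I would note the invariant at the call site: `/* Keyed by address inside section->start; abbrev lists must be discarded (free_all_abbrevs) before the section contents are freed or reloaded.  */`. The enclosing function continues past the end of the hunk.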

