From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1062) id 69FD23856DC0; Fri, 5 Aug 2022 11:26:44 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 69FD23856DC0 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Alan Modra To: bfd-cvs@sourceware.org Subject: [binutils-gdb] Sanity check loc_offsets index X-Act-Checkin: binutils-gdb X-Git-Author: Alan Modra X-Git-Refname: refs/heads/master X-Git-Oldrev: 188bc85476e6ade99bd209ecf430601d56278e64 X-Git-Newrev: dfbc689c699b3a15f11e8eb09cb05629f60b36b3 Message-Id: <20220805112644.69FD23856DC0@sourceware.org> Date: Fri, 5 Aug 2022 11:26:44 +0000 (GMT) X-BeenThere: binutils-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Aug 2022 11:26:44 -0000 https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3Ddfbc689c699b= 3a15f11e8eb09cb05629f60b36b3 commit dfbc689c699b3a15f11e8eb09cb05629f60b36b3 Author: Alan Modra Date: Thu Aug 4 21:43:22 2022 +0930 Sanity check loc_offsets index =20 Fixes a segfault found by the fuzzers. =20 * dwarf.c (fetch_indexed_value): Return -1 on error. (read_and_display_attr_value): Don't display string when fetch_indexed_value returns an error. Sanity check loc_offsets index. Diff:
---
 binutils/dwarf.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 6574b45ffdf..d862e16388b 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -779,7 +779,7 @@ fetch_indexed_addr (dwarf_vma offset, uint32_t num_byte= s)
=20
 /* Fetch a value from a debug section that has been indexed by something in another section (eg DW_FORM_loclistx or DW_FORM_rnglistx).
- Returns 0 if the value could not be found. */
+ Returns -1 if the value could not be found. */
=20
 static dwarf_vma
 fetch_indexed_value (dwarf_vma idx,
@@ -791,7 +791,7 @@ fetch_indexed_value (dwarf_vma idx,
 if (section->start =3D=3D NULL)
 {
 warn (_("Unable to locate %s section\n"), section->uncompressed_name= );
- return 0;
+ return -1;
 }
=20
 uint32_t pointer_size, bias;
@@ -820,7 +820,7 @@ fetch_indexed_value (dwarf_vma idx,
 {
 warn (_("Offset into section %s too big: 0x%s\n"), section->name, dwarf_vmatoa ("x", offset));
- return 0;
+ return -1;
 }
=20
 return byte_get (section->start + offset, pointer_size);
@@ -2782,7 +2782,8 @@ read_and_display_attr_value (unsigned long = attribute,
 if (dwo)
 {
 idx =3D fetch_indexed_value (uvalue, loclists_dwo, 0);
- idx +=3D (offset_size =3D=3D 8) ? 20 : 12;
+ if (idx !=3D (dwarf_vma) -1)
+ idx +=3D (offset_size =3D=3D 8) ? 20 : 12;
 }
 else if (debug_info_p =3D=3D NULL)
 {
@@ -2795,7 +2796,13 @@ read_and_display_attr_value (unsigned long = attribute,
 idx +=3D debug_info_p->loclists_base;
 Fortunately we already have that sum cached in the loc_offsets array. */
- idx =3D debug_info_p->loc_offsets [uvalue];
+ if (uvalue < debug_info_p->num_loc_offsets)
+ idx =3D debug_info_p->loc_offsets [uvalue];
+ else
+ {
+ warn (_("loc_offset %" PRIu64 " too big\n"), uvalue);
+ idx =3D -1;
+ }
 }
 }
 else if (form =3D=3D DW_FORM_rnglistx)
@@ -2803,7 +2810,8 @@ read_and_display_attr_value (unsigned long = attribute,
 if (dwo)
 {
 idx =3D fetch_indexed_value (uvalue, rnglists_dwo, 0);
- idx +=3D (offset_size =3D=3D 8) ? 20 : 12;
+ if (idx !=3D (dwarf_vma) -1)
+ idx +=3D (offset_size =3D=3D 8) ? 20 : 12;
 }
 else
 {
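Review bot: The `(dwarf_vma) -1` sentinel introduced by the `return -1;` lines in the hunks at 791 and 820 is in-band: the success path `return byte_get (section->start + offset, pointer_size);` can itself produce an all-ones value from a corrupt section if pointer_size can be 8, and the callers at 2782, 2803, 2814 and 2831 would then silently drop a real value instead of warning. An out-of-band signal (a `bool` return with the value delivered through an out parameter, or a flag the callers test) avoids that ambiguity; if the sentinel is kept, the comment should read `Returns (dwarf_vma) -1 if the value could not be found.` since dwarf_vma is unsigned, and the comparison repeated at every caller belongs behind one named constant rather than a bare cast literal. The size check that precedes the warning in the hunk at 820 lies outside the hunk; if `offset` is derived there from `idx * pointer_size` without an overflow check, a large fuzzed `idx` can wrap the product so the size test passes, and bounding `idx` against `section->size / pointer_size` before multiplying closes that. fetch_indexed_value's body continues outside these hunks.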
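Review bot: The new `warn (_("loc_offset %" PRIu64 " too big\n"), uvalue);` in the hunk at 2795 prints a dwarf_vma with `PRIu64`, while the rest of this function formats the same variable through `dwarf_vmatoa ("x", uvalue)` (visible in the hunk at 2831); unless dwarf_vma is exactly uint64_t that is a format/argument mismatch, and the hex form is what a reader will compare against the index printed afterwards. `warn (_("loc_offsets index 0x%s out of range\n"), dwarf_vmatoa ("x", uvalue));` keeps the output consistent and names the array actually being indexed. The assignment `idx = -1;` in the same branch relies on implicit conversion; `idx = (dwarf_vma) -1;` matches the `idx != (dwarf_vma) -1` tests this commit adds elsewhere. read_and_display_attr_value starts and ends outside this hunk.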
@@ -2814,7 +2822,8 @@ read_and_display_attr_value (unsigned long = attribute,
 /* We do not have a cached value this time, so we perform the computation manually. */
 idx =3D fetch_indexed_value (uvalue, rnglists, base);
- idx +=3D base;
+ if (idx !=3D (dwarf_vma) -1)
+ idx +=3D base;
 }
 }
 else
@@ -2831,9 +2840,10 @@ read_and_display_attr_value (unsigned long = attribute,
 }
=20
 /* We have already displayed the form name. */
- printf (_("%c(index: 0x%s): %s"), delimiter,
- dwarf_vmatoa ("x", uvalue),
- dwarf_vmatoa ("x", idx));
+ if (idx !=3D (dwarf_vma) -1)
+ printf (_("%c(index: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+ dwarf_vmatoa ("x", idx));
 }
 break;