* [binutils-gdb] Sanity check loc_offsets index
@ 2022-08-05 11:26 Alan Modra
From: Alan Modra @ 2022-08-05 11:26 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dfbc689c699b3a15f11e8eb09cb05629f60b36b3
commit dfbc689c699b3a15f11e8eb09cb05629f60b36b3
Author: Alan Modra <amodra@gmail.com>
Date: Thu Aug 4 21:43:22 2022 +0930
Sanity check loc_offsets index
Fixes a segfault found by the fuzzers.
* dwarf.c (fetch_indexed_value): Return -1 on error.
(read_and_display_attr_value): Don't display string when
fetch_indexed_value returns an error. Sanity check loc_offsets
index.
Diff:
---
binutils/dwarf.c | 30 ++++++++++++++++++++----------
1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 6574b45ffdf..d862e16388b 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -779,7 +779,7 @@ fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes)
/* Fetch a value from a debug section that has been indexed by
something in another section (eg DW_FORM_loclistx or DW_FORM_rnglistx).
- Returns 0 if the value could not be found. */
+ Returns -1 if the value could not be found. */
static dwarf_vma
fetch_indexed_value (dwarf_vma idx,
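Review bot: The updated comment says the function returns -1, but the return type is the unsigned `dwarf_vma`, so callers actually receive the all-ones value, and every caller touched by this commit compares against `(dwarf_vma) -1`. I would write the comment as `Returns (dwarf_vma) -1 if the value could not be found.` and use the same spelling in the two `return -1;` statements of the next two hunks. The sentinel is also in-band: the success path returns whatever `byte_get` reads from the section, so an entry that is all ones at the full width of `dwarf_vma` would be treated as an error; if that is accepted, one sentence in the comment should say so. The function body continues outside these hunks.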
@@ -791,7 +791,7 @@ fetch_indexed_value (dwarf_vma idx,
if (section->start == NULL)
{
warn (_("Unable to locate %s section\n"), section->uncompressed_name);
- return 0;
+ return -1;
}
uint32_t pointer_size, bias;
@@ -820,7 +820,7 @@ fetch_indexed_value (dwarf_vma idx,
{
warn (_("Offset into section %s too big: 0x%s\n"),
section->name, dwarf_vmatoa ("x", offset));
- return 0;
+ return -1;
}
return byte_get (section->start + offset, pointer_size);
@@ -2782,7 +2782,8 @@ read_and_display_attr_value (unsigned long attribute,
if (dwo)
{
idx = fetch_indexed_value (uvalue, loclists_dwo, 0);
- idx += (offset_size == 8) ? 20 : 12;
+ if (idx != (dwarf_vma) -1)
+ idx += (offset_size == 8) ? 20 : 12;
}
else if (debug_info_p == NULL)
{
@@ -2795,7 +2796,13 @@ read_and_display_attr_value (unsigned long attribute,
idx += debug_info_p->loclists_base;
Fortunately we already have that sum cached in the
loc_offsets array. */
- idx = debug_info_p->loc_offsets [uvalue];
+ if (uvalue < debug_info_p->num_loc_offsets)
+ idx = debug_info_p->loc_offsets [uvalue];
+ else
+ {
+ warn (_("loc_offset %" PRIu64 " too big\n"), uvalue);
+ idx = -1;
+ }
}
}
else if (form == DW_FORM_rnglistx)
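Review bot: The new warning formats `uvalue` with `PRIu64`, while the rest of this function prints the same variable through `dwarf_vmatoa ("x", uvalue)`, as in the printf of the last hunk. If `dwarf_vma` is not exactly `uint64_t` on every host (its typedef is not visible here) this is a format/argument mismatch, and in any case the diagnostic shows the index in decimal where the normal output shows it in hex. I would write `warn (_("loc_offset 0x%s too big\n"), dwarf_vmatoa ("x", uvalue));`. The bound itself presumably relies on `num_loc_offsets` being the number of filled entries in `loc_offsets` rather than its allocated capacity; that is defined outside the hunk and worth confirming, since the index comes straight from the file being dumped.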
@@ -2803,7 +2810,8 @@ read_and_display_attr_value (unsigned long attribute,
if (dwo)
{
idx = fetch_indexed_value (uvalue, rnglists_dwo, 0);
- idx += (offset_size == 8) ? 20 : 12;
+ if (idx != (dwarf_vma) -1)
+ idx += (offset_size == 8) ? 20 : 12;
}
else
{
@@ -2814,7 +2822,8 @@ read_and_display_attr_value (unsigned long attribute,
/* We do not have a cached value this time, so we perform the
computation manually. */
idx = fetch_indexed_value (uvalue, rnglists, base);
- idx += base;
+ if (idx != (dwarf_vma) -1)
+ idx += base;
}
}
else
@@ -2831,9 +2840,10 @@ read_and_display_attr_value (unsigned long attribute,
}
/* We have already displayed the form name. */
- printf (_("%c(index: 0x%s): %s"), delimiter,
- dwarf_vmatoa ("x", uvalue),
- dwarf_vmatoa ("x", idx));
+ if (idx != (dwarf_vma) -1)
+ printf (_("%c(index: 0x%s): %s"), delimiter,
+ dwarf_vmatoa ("x", uvalue),
+ dwarf_vmatoa ("x", idx));
}
break;
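Review bot: When `idx` is the error sentinel the guarded printf emits nothing after the form name, so stdout gives no sign that the attribute was malformed. The only trace is whatever `warn` call ran earlier, which goes to a different stream and is lost when only the dump is captured. An else branch that still shows the index would keep the listing self-describing, for example `else printf (_("%c(index: 0x%s): <invalid>"), delimiter, dwarf_vmatoa ("x", uvalue));`. The same `idx != (dwarf_vma) -1` test now appears four times in this function, so a named constant for the sentinel would make the intent easier to follow. The enclosing case block starts outside the hunk.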