public inbox for binutils@sourceware.org
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Cc: Nick Clifton <nickc@redhat.com>
Subject: Tidy PR29893 and PR29908 fix
Date: Mon, 19 Dec 2022 23:57:19 +1030
Message-ID: <Y6Bmt87TKcG5vugy@squeak.grove.modra.org>

Hi Nick,
I'm removing the code you added to check "end < entry" for DWARF
version 4, because if you look at the way debug_addr_info is set up
you'll see that it is sorted and so
      entry = section->start + debug_addr_info [i]->addr_base;
      end = section->start + debug_addr_info [i + 1]->addr_base;
must result in end >= entry.  (I'd looked into adding a test there for
PR29893.)

Also, I wonder about all of these warning messages we've been adding
for fuzzed object file errors.  In normal operation of the tools they
will never be hit so we're just creating work for translators.  Maybe
they should mostly all just be
  "%pA+%#" PRIx64 " invalid\n", section, (uint64_t) offset

That's likely all someone debugging binutils or a producer of DWARF
needs.

	PR 29893
	PR 29908
	* dwarf.c (display_debug_addr): Combine dwarf5 unit_length checks.
	Delete dead code.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 03b36afcec0..e08d51b4a97 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7731,19 +7731,14 @@ display_debug_addr (struct dwarf_section *section,
 	  SAFE_BYTE_GET_AND_INC (length, curr_header, 4, entry);
 	  if (length == 0xffffffff)
 	    SAFE_BYTE_GET_AND_INC (length, curr_header, 8, entry);
-	  if (length > (size_t) (section->start + section->size - curr_header))
+	  if (length > (size_t) (section->start + section->size - curr_header)
+	      || length < (size_t) (entry - curr_header))
 	    {
 	      warn (_("Corrupt %s section: unit_length field of %#" PRIx64
-		      " too large\n"), section->name, length);
+		      " is invalid\n"), section->name, length);
 	      return 0;
 	    }
 	  end = curr_header + length;
-	  if (end < entry)
-	    {
-	      warn (_("Corrupt %s section header: length field (%lx) is too small\n"),
-		    section->name, (long) length);
-	      return 0;
-	    }
 	  SAFE_BYTE_GET_AND_INC (version, curr_header, 2, entry);
 	  if (version != 5)
 	    warn (_("Corrupt %s section: expecting version number 5 in header but found %d instead\n"),
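Review bot: the added clause `length < (size_t) (entry - curr_header)` is now the only thing that guarantees `end >= entry` once `end = curr_header + length` is computed, and nothing at the condition says so. A one-line comment above the `if`, stating that unit_length must at least cover the remainder of the header up to `entry`, would stop a later reader from treating the second clause as redundant and dropping it. The merged "is invalid" wording no longer tells too-large from too-small, but the message still prints the length value, so that information is recoverable from the output.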
@@ -7754,18 +7749,7 @@ display_debug_addr (struct dwarf_section *section,
 	  address_size += segment_selector_size;
 	}
       else
-	{
-	  end = section->start + debug_addr_info [i + 1]->addr_base;
-
-	  if (end < entry)
-	    {
-	      warn (_("Corrupt %s section: address base of entry %u (%lx) is less than entry %u (%lx)\n"),
-		    section->name,
-		    i, (long) debug_addr_info [i]->addr_base,
-		    i + 1, (long) debug_addr_info [i + 1]->addr_base);
-	      return 0;
-	    }
-	}
+	end = section->start + debug_addr_info [i + 1]->addr_base;
 
       header = end;
       idx = 0;
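Review bot: in the `else` branch, `end = section->start + debug_addr_info [i + 1]->addr_base;` is now unchecked, so `end >= entry` rests entirely on debug_addr_info being sorted by addr_base, which is established outside the lines shown here. Please add a short comment at the assignment naming that ordering assumption and where the sort is done, so that a later change to how the array is built cannot silently bring back an `end < entry` case. The ChangeLog entry's "Delete dead code" could also mention the sort as the reason the check is dead.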

-- 
Alan Modra
Australia Development Lab, IBM
