PR29370, infinite loop in display_debug

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

* PR29370, infinite loop in display_debug_abbrev
@ 2022-07-21  4:15 Alan Modra
  0 siblings, 0 replies; only message in thread
From: Alan Modra @ 2022-07-21  4:15 UTC (permalink / raw)
  To: binutils

The PR29370 testcase is a fuzzed object file with multiple
.trace_abbrev sections.  Multiple .trace_abbrev or .debug_abbrev
sections are not a violation of the DWARF standard.  The DWARF5
standard even gives an example of multiple .debug_abbrev sections
contained in groups.  Caching and lookup of processed abbrevs thus
needs to be done by section and offset rather than base and offset.
(Why base anyway?)  Or, since section contents are kept, by a pointer
into the contents.

	PR 29370
	* dwarf.c (struct abbrev_list): Replace abbrev_base and
	abbrev_offset with raw field.
	(find_abbrev_list_by_abbrev_offset): Delete.
	(find_abbrev_list_by_raw_abbrev): New function.
	(process_abbrev_set): Set list->raw and list->next.
	(find_and_process_abbrev_set): Replace abbrev list lookup with
	new function.  Don't set list abbrev_base, abbrev_offset or next.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2fc352f74c5..99fb3566994 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -856,8 +856,7 @@ typedef struct abbrev_list
 {
   abbrev_entry *        first_abbrev;
   abbrev_entry *        last_abbrev;
-  dwarf_vma             abbrev_base;
-  dwarf_vma             abbrev_offset;
+  unsigned char *       raw;
   struct abbrev_list *  next;
   unsigned char *       start_of_next_abbrevs;
 }
@@ -946,14 +945,12 @@ free_all_abbrevs (void)
 }
 
 static abbrev_list *
-find_abbrev_list_by_abbrev_offset (dwarf_vma abbrev_base,
-				   dwarf_vma abbrev_offset)
+find_abbrev_list_by_raw_abbrev (unsigned char *raw)
 {
   abbrev_list * list;
 
   for (list = abbrev_lists; list != NULL; list = list->next)
-    if (list->abbrev_base == abbrev_base
-	&& list->abbrev_offset == abbrev_offset)
+    if (list->raw == raw)
       return list;
 
   return NULL;
@@ -1040,6 +1037,7 @@ process_abbrev_set (struct dwarf_section *section,
   abbrev_list *list = xmalloc (sizeof (*list));
   list->first_abbrev = NULL;
   list->last_abbrev = NULL;
+  list->raw = start;
 
   while (start < end)
     {
@@ -1055,6 +1053,7 @@ process_abbrev_set (struct dwarf_section *section,
 	 the caller.  */
       if (start == end || entry == 0)
 	{
+	  list->next = NULL;
 	  list->start_of_next_abbrevs = start != end ? start : NULL;
 	  return list;
 	}
@@ -1144,16 +1143,10 @@ find_and_process_abbrev_set (struct dwarf_section *section,
   unsigned char *end = section->start + abbrev_base + abbrev_size;
   abbrev_list *list = NULL;
   if (free_list)
-    list = find_abbrev_list_by_abbrev_offset (abbrev_base, abbrev_offset);
+    list = find_abbrev_list_by_raw_abbrev (start);
   if (list == NULL)
     {
       list = process_abbrev_set (section, start, end);
-      if (list)
-	{
-	  list->abbrev_base = abbrev_base;
-	  list->abbrev_offset = abbrev_offset;
-	  list->next = NULL;
-	}
       if (free_list)
 	*free_list = list;
     }

-- 
Alan Modra
Australia Development Lab, IBM

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-07-21  4:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-21  4:15 PR29370, infinite loop in display_debug_abbrev Alan Modra

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).