Date: Fri, 5 Aug 2022 20:55:20 +0930
From: Alan Modra
To: binutils@sourceware.org
Subject: Sanity check loc_offsets index

Fixes a segfault found by the fuzzers. * dwarf.c (fetch_indexed_value): Return -1 on error. (read_and_display_attr_value): Don't display string when fetch_indexed_value returns an error. Sanity check loc_offsets index.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 6574b45ffdf..d862e16388b 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -779,7 +779,7 @@ fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes) /* Fetch a value from a debug section that has been indexed by something in another section (eg DW_FORM_loclistx or DW_FORM_rnglistx). - Returns 0 if the value could not be found. */ + Returns -1 if the value could not be found. */ static dwarf_vma fetch_indexed_value (dwarf_vma idx, @@ -791,7 +791,7 @@ fetch_indexed_value (dwarf_vma idx, if (section->start == NULL) { warn (_("Unable to locate %s section\n"), section->uncompressed_name); - return 0; + return -1; } uint32_t pointer_size, bias; @@ -820,7 +820,7 @@ fetch_indexed_value (dwarf_vma idx, { warn (_("Offset into section %s too big: 0x%s\n"), section->name, dwarf_vmatoa ("x", offset)); - return 0; + return -1; } return byte_get (section->start + offset, pointer_size);
@@ -2782,7 +2782,8 @@ read_and_display_attr_value (unsigned long attribute, if (dwo) { idx = fetch_indexed_value (uvalue, loclists_dwo, 0); - idx += (offset_size == 8) ? 20 : 12; + if (idx != (dwarf_vma) -1) + idx += (offset_size == 8) ? 20 : 12; } else if (debug_info_p == NULL) { @@ -2795,7 +2796,13 @@ read_and_display_attr_value (unsigned long attribute, idx += debug_info_p->loclists_base; Fortunately we already have that sum cached in the loc_offsets array. */ - idx = debug_info_p->loc_offsets [uvalue]; + if (uvalue < debug_info_p->num_loc_offsets) + idx = debug_info_p->loc_offsets [uvalue]; + else + { + warn (_("loc_offset %" PRIu64 " too big\n"), uvalue); + idx = -1; + } } } else if (form == DW_FORM_rnglistx) @@ -2803,7 +2810,8 @@ read_and_display_attr_value (unsigned long attribute, if (dwo) { idx = fetch_indexed_value (uvalue, rnglists_dwo, 0); - idx += (offset_size == 8) ? 20 : 12; + if (idx != (dwarf_vma) -1) + idx += (offset_size == 8) ? 20 : 12; } else { @@ -2814,7 +2822,8 @@ read_and_display_attr_value (unsigned long attribute, /* We do not have a cached value this time, so we perform the computation manually. */ idx = fetch_indexed_value (uvalue, rnglists, base); - idx += base; + if (idx != (dwarf_vma) -1) + idx += base; } } else @@ -2831,9 +2840,10 @@ read_and_display_attr_value (unsigned long attribute, } /* We have already displayed the form name. */ - printf (_("%c(index: 0x%s): %s"), delimiter, - dwarf_vmatoa ("x", uvalue), - dwarf_vmatoa ("x", idx)); + if (idx != (dwarf_vma) -1) + printf (_("%c(index: 0x%s): %s"), delimiter, + dwarf_vmatoa ("x", uvalue), + dwarf_vmatoa ("x", idx)); } break; -- Alan Modra Australia Development Lab, IBM
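Review bot: in the three fetch_indexed_value hunks (comment at line 779, the two `return -1;` replacements at 791 and 820), switching the failure value from 0 to -1 changes the contract for every caller of fetch_indexed_value, yet the patch only updates the call sites inside read_and_display_attr_value; any other caller that still treats 0 as "not found", or adds a base to the result unguarded, now silently receives (dwarf_vma) -1 and computes a bogus offset. Please check the remaining callers, and since the function returns an unsigned dwarf_vma, word the comment as "Returns (dwarf_vma) -1 if the value could not be found" so a reader does not expect a signed negative result.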
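Review bot: the new bounds check `if (uvalue < debug_info_p->num_loc_offsets)` in the 2795 hunk is the actual fix for the out-of-bounds read of loc_offsets, but the accompanying `warn (_("loc_offset %" PRIu64 " too big\n"), uvalue);` formats a dwarf_vma with PRIu64; unless dwarf_vma is guaranteed to be uint64_t on every host, either cast it ((uint64_t) uvalue) or use dwarf_vmatoa as the neighbouring message "Offset into section %s too big: 0x%s" does, which also keeps the message style consistent. The text itself would be clearer as "loc_offsets index ... out of range", since what is being rejected is an index into the array rather than an offset.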
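Review bot: the `if (idx != (dwarf_vma) -1)` guard is now repeated around each `idx += ...` adjustment in the 2782, 2803 and 2814 hunks and again before the printf in the 2831 hunk; the guards are correct, but four copies of the same sentinel test invite a future call site to forget one. A single check immediately after the fetch (or a small inline helper that adds the bias only on success) would keep the error handling in one place.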
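Review bot: with the 2831 hunk, when idx is (dwarf_vma) -1 the attribute line now ends right after the form name with nothing on stdout indicating that the index lookup failed; the only signal is the earlier warn() on stderr, which is easy to miss when output is redirected. Consider still printing the index (uvalue) with an explicit marker in place of the offset so the dump remains self-explanatory, and adding the fuzzer reproducer to the testsuite so the loc_offsets bound is covered by a regression test.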