From: gdb-buildbot@sergiodj.net
To: gdb-testers@sourceware.org
Subject: [binutils-gdb] asan: alpha-vms: null dereference
Date: Tue, 31 Mar 2020 11:09:47 -0400	[thread overview]
Message-ID: <7bac4137d757be98de8f6f8d8a649f04cacfdd2f@gdb-build> (raw)

*** TEST RESULTS FOR COMMIT 7bac4137d757be98de8f6f8d8a649f04cacfdd2f ***

commit 7bac4137d757be98de8f6f8d8a649f04cacfdd2f
Author:     Alan Modra <amodra@gmail.com>
AuthorDate: Mon Mar 16 08:44:38 2020 +1030
Commit:     Alan Modra <amodra@gmail.com>
CommitDate: Mon Mar 16 10:51:53 2020 +1030

    asan: alpha-vms: null dereference
    
            * vms-alpha.c (dst_restore_location): Validate index into
            dst_ptr_offsets array before accessing.  Return status.
            (dst_retrieve_location): Similarly, making "loc" parameter a
            pointer to return value.
            (_bfd_vms_slurp_etir): Update calls to above functions.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 5f85a4b37c..cd421649cc 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2020-03-16  Alan Modra  <amodra@gmail.com>
+
+	* vms-alpha.c (dst_restore_location): Validate index into
+	dst_ptr_offsets array before accessing.  Return status.
+	(dst_retrieve_location): Similarly, making "loc" parameter a
+	pointer to return value.
+	(_bfd_vms_slurp_etir): Update calls to above functions.
+
 2020-03-14  Kamil Rytarowski  <n54@gmx.com>
 
 	* configure.ac: Include netbsd-core.lo for all NetBSD arm and mips
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 241dab340d..c08d35d4b2 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1570,22 +1570,32 @@ dst_define_location (bfd *abfd, unsigned int loc)
 
 /* Restore saved DST location counter from specified index.  */
 
-static void
+static bfd_boolean
 dst_restore_location (bfd *abfd, unsigned int loc)
 {
   vms_debug2 ((4, "dst_restore_location (%d)\n", (int)loc));
 
-  PRIV (image_offset) = PRIV (dst_ptr_offsets)[loc];
+  if (loc < PRIV (dst_ptr_offsets_count))
+    {
+      PRIV (image_offset) = PRIV (dst_ptr_offsets)[loc];
+      return TRUE;
+    }
+  return FALSE;
 }
 
 /* Retrieve saved DST location counter from specified index.  */
 
-static unsigned int
-dst_retrieve_location (bfd *abfd, unsigned int loc)
+static bfd_boolean
+dst_retrieve_location (bfd *abfd, bfd_vma *loc)
 {
-  vms_debug2 ((4, "dst_retrieve_location (%d)\n", (int)loc));
+  vms_debug2 ((4, "dst_retrieve_location (%d)\n", (int) *loc));
 
-  return PRIV (dst_ptr_offsets)[loc];
+  if (*loc < PRIV (dst_ptr_offsets_count))
+    {
+      *loc = PRIV (dst_ptr_offsets)[*loc];
+      return TRUE;
+    }
+  return FALSE;
 }
 
 /* Write multiple bytes to section image.  */
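Review bot: dst_restore_location still takes `unsigned int loc`, so its new bounds check runs on a value that may already have been narrowed, whereas dst_retrieve_location now compares the full `bfd_vma`. The third hunk passes `&op1` to a `bfd_vma *` parameter, so op1 in _bfd_vms_slurp_etir appears to be a bfd_vma. If so, where bfd_vma is wider than unsigned int, an ETIR__C_CTL_STLOC index whose low bits happen to be in range would pass the check and silently restore an unrelated slot instead of being rejected as malformed. Declaring it as `dst_restore_location (bfd *abfd, bfd_vma loc)` makes both helpers validate the untruncated operand. The two header comments could also state the new contract, e.g. `/* Restore saved DST location counter from specified index.  Return FALSE if the index is out of range.  */`, and for dst_retrieve_location that `*loc` is the index on entry and the saved counter on return.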
@@ -2326,7 +2336,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
 	    return FALSE;
 	  if (rel1 != RELC_NONE)
 	    goto bad_context;
-	  dst_restore_location (abfd, op1);
+	  if (!dst_restore_location (abfd, op1))
+	    {
+	      bfd_set_error (bfd_error_bad_value);
+	      _bfd_error_handler (_("invalid %s"), "ETIR__C_CTL_STLOC");
+	      return FALSE;
+	    }
 	  break;
 
 	  /* Stack defined location: pop index, push location counter from index
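Review bot: The new diagnostic `_("invalid %s")` names only the ETIR command, not the input file or the rejected index, both here and in the ETIR__C_CTL_STKDL branch of the next hunk. When this fires on a malformed object in a multi-file link or a fuzzing run, the message gives nothing to tie it back to the offending input. If it fits the file's existing messages, `_bfd_error_handler (_("%pB: invalid %s"), abfd, "ETIR__C_CTL_STLOC");` would cover that. The case body starts outside the hunk, so whether a file prefix is already emitted elsewhere cannot be seen from here.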
@@ -2336,8 +2351,13 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
 	    return FALSE;
 	  if (rel1 != RELC_NONE)
 	    goto bad_context;
-	  if (!_bfd_vms_push (abfd, dst_retrieve_location (abfd, op1),
-			      RELC_NONE))
+	  if (!dst_retrieve_location (abfd, &op1))
+	    {
+	      bfd_set_error (bfd_error_bad_value);
+	      _bfd_error_handler (_("invalid %s"), "ETIR__C_CTL_STKDL");
+	      return FALSE;
+	    }
+	  if (!_bfd_vms_push (abfd, op1, RELC_NONE))
 	    return FALSE;
 	  break;
 

