mirror of
https://github.com/espressif/binutils-gdb.git
synced 2025-06-21 02:24:17 +08:00
Fix an illegal memory access when dumping corrupt x86_64 PE unwind data.
PR 24922 * pei-x86_64.c (pex64_xdata_print_uwd_codes): Add checks before reading data from extra records.
This commit is contained in:
Nick Clifton
@ -1,3 +1,9 @@
|
|||||||
|
2019-08-22 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR 24922
|
||||||
|
* pei-x86_64.c (pex64_xdata_print_uwd_codes): Add checks before
|
||||||
|
reading data from extra records.
|
||||||
|
|
||||||
2019-08-22 Tamar Christina <tamar.christina@arm.com>
|
2019-08-22 Tamar Christina <tamar.christina@arm.com>
|
||||||
|
|
||||||
PR ld/24601
|
PR ld/24601
|
||||||
|
|||||||
@ -228,27 +228,41 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd,
|
|||||||
int unexpected = FALSE;
|
int unexpected = FALSE;
|
||||||
|
|
||||||
fprintf (file, "\t pc+0x%02x: ", (unsigned int) dta[0]);
|
fprintf (file, "\t pc+0x%02x: ", (unsigned int) dta[0]);
|
||||||
|
|
||||||
switch (PEX64_UNWCODE_CODE (dta[1]))
|
switch (PEX64_UNWCODE_CODE (dta[1]))
|
||||||
{
|
{
|
||||||
case UWOP_PUSH_NONVOL:
|
case UWOP_PUSH_NONVOL:
|
||||||
fprintf (file, "push %s", pex_regs[info]);
|
fprintf (file, "push %s", pex_regs[info]);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_ALLOC_LARGE:
|
case UWOP_ALLOC_LARGE:
|
||||||
if (info == 0)
|
if (info == 0)
|
||||||
{
|
{
|
||||||
tmp = bfd_get_16 (abfd, &dta[2]) * 8;
|
if (dta + 4 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_16 (abfd, dta + 2) * 8;
|
||||||
i++;
|
i++;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
tmp = bfd_get_32 (abfd, &dta[2]);
|
if (dta + 6 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_32 (abfd, dta + 2);
|
||||||
i += 2;
|
i += 2;
|
||||||
}
|
}
|
||||||
fprintf (file, "alloc large area: rsp = rsp - 0x%x", tmp);
|
fprintf (file, "alloc large area: rsp = rsp - 0x%x", tmp);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_ALLOC_SMALL:
|
case UWOP_ALLOC_SMALL:
|
||||||
fprintf (file, "alloc small area: rsp = rsp - 0x%x", (info + 1) * 8);
|
fprintf (file, "alloc small area: rsp = rsp - 0x%x", (info + 1) * 8);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SET_FPREG:
|
case UWOP_SET_FPREG:
|
||||||
/* According to the documentation, info field is unused. */
|
/* According to the documentation, info field is unused. */
|
||||||
fprintf (file, "FPReg: %s = rsp + 0x%x (info = 0x%x)",
|
fprintf (file, "FPReg: %s = rsp + 0x%x (info = 0x%x)",
|
||||||
@ -257,22 +271,40 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd,
|
|||||||
unexpected = ui->FrameRegister == 0;
|
unexpected = ui->FrameRegister == 0;
|
||||||
save_allowed = FALSE;
|
save_allowed = FALSE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_NONVOL:
|
case UWOP_SAVE_NONVOL:
|
||||||
tmp = bfd_get_16 (abfd, &dta[2]) * 8;
|
if (dta + 4 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_16 (abfd, dta + 2) * 8;
|
||||||
i++;
|
i++;
|
||||||
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
|
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_NONVOL_FAR:
|
case UWOP_SAVE_NONVOL_FAR:
|
||||||
tmp = bfd_get_32 (abfd, &dta[2]);
|
if (dta + 6 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_32 (abfd, dta + 2);
|
||||||
i += 2;
|
i += 2;
|
||||||
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
|
fprintf (file, "save %s at rsp + 0x%x", pex_regs[info], tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_XMM:
|
case UWOP_SAVE_XMM:
|
||||||
if (ui->Version == 1)
|
if (ui->Version == 1)
|
||||||
{
|
{
|
||||||
tmp = bfd_get_16 (abfd, &dta[2]) * 8;
|
if (dta + 4 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_16 (abfd, dta + 2) * 8;
|
||||||
i++;
|
i++;
|
||||||
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
|
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
@ -283,24 +315,43 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd,
|
|||||||
unexpected = TRUE;
|
unexpected = TRUE;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_XMM_FAR:
|
case UWOP_SAVE_XMM_FAR:
|
||||||
tmp = bfd_get_32 (abfd, &dta[2]) * 8;
|
if (dta + 6 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_32 (abfd, dta + 2) * 8;
|
||||||
i += 2;
|
i += 2;
|
||||||
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
|
fprintf (file, "save mm%u at rsp + 0x%x", info, tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_XMM128:
|
case UWOP_SAVE_XMM128:
|
||||||
tmp = bfd_get_16 (abfd, &dta[2]) * 16;
|
if (dta + 4 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_16 (abfd, dta + 2) * 16;
|
||||||
i++;
|
i++;
|
||||||
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
|
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_SAVE_XMM128_FAR:
|
case UWOP_SAVE_XMM128_FAR:
|
||||||
tmp = bfd_get_32 (abfd, &dta[2]) * 16;
|
if (dta + 6 > ui->rawUnwindCodesEnd)
|
||||||
|
{
|
||||||
|
fprintf (file, _("warning: corrupt unwind data\n"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
tmp = bfd_get_32 (abfd, dta + 2) * 16;
|
||||||
i += 2;
|
i += 2;
|
||||||
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
|
fprintf (file, "save xmm%u at rsp + 0x%x", info, tmp);
|
||||||
unexpected = !save_allowed;
|
unexpected = !save_allowed;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case UWOP_PUSH_MACHFRAME:
|
case UWOP_PUSH_MACHFRAME:
|
||||||
fprintf (file, "interrupt entry (SS, old RSP, EFLAGS, CS, RIP");
|
fprintf (file, "interrupt entry (SS, old RSP, EFLAGS, CS, RIP");
|
||||||
if (info == 0)
|
if (info == 0)
|
||||||
@ -310,11 +361,13 @@ pex64_xdata_print_uwd_codes (FILE *file, bfd *abfd,
|
|||||||
else
|
else
|
||||||
fprintf (file, ", unknown(%u))", info);
|
fprintf (file, ", unknown(%u))", info);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
/* PR 17512: file: 2245-7442-0.004. */
|
/* PR 17512: file: 2245-7442-0.004. */
|
||||||
fprintf (file, _("Unknown: %x"), PEX64_UNWCODE_CODE (dta[1]));
|
fprintf (file, _("Unknown: %x"), PEX64_UNWCODE_CODE (dta[1]));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (unexpected)
|
if (unexpected)
|
||||||
fprintf (file, " [Unexpected!]");
|
fprintf (file, " [Unexpected!]");
|
||||||
fputc ('\n', file);
|
fputc ('\n', file);
|
||||||
|
|||||||
Reference in New Issue
Block a user