espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-20 09:58:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

process_cu_tu_index

Browse Source 
* dwarf.c (process_cu_tu_index): Avoid pointer UB.  Use _mul_overflow.
	Delete dead code.
This commit is contained in:
Alan Modra
2021-05-15 15:40:46 +09:30
parent bb19bf1269
commit b9c0d70312
2 changed files with 14 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
binutils/ChangeLog
View File

@ -1,3 +1,8 @@
2021-05-15 Alan Modra <amodra@gmail.com>
* dwarf.c (process_cu_tu_index): Avoid pointer UB. Use _mul_overflow.
Delete dead code.
2021-05-15 Alan Modra <amodra@gmail.com> 2021-05-15 Alan Modra <amodra@gmail.com>
* dwarf.c (display_gdb_index): Avoid pointer UB and overflow in * dwarf.c (display_gdb_index): Avoid pointer UB and overflow in

36
binutils/dwarf.c
View File

@ -10320,6 +10320,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
unsigned int i; unsigned int i;
unsigned int j; unsigned int j;
dwarf_vma signature; dwarf_vma signature;
size_t total;
/* PR 17512: file: 002-168123-0.004. */ /* PR 17512: file: 002-168123-0.004. */
if (phdr == NULL) if (phdr == NULL)
@ -10357,10 +10358,8 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
} }
/* PR 17531: file: 45d69832. */ /* PR 17531: file: 45d69832. */
if ((size_t) nslots * 8 / 8 != nslots if (_mul_overflow ((size_t) nslots, 12, &total)
|| phash < phdr || phash > limit || total > (size_t) (limit - phash))
|| pindex < phash || pindex > limit
|| ppool < pindex || ppool > limit)
{ {
warn (ngettext ("Section %s is too small for %u slot\n", warn (ngettext ("Section %s is too small for %u slot\n",
"Section %s is too small for %u slots\n", "Section %s is too small for %u slots\n",
@ -10427,23 +10426,21 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
unsigned char *pi = pindex; unsigned char *pi = pindex;
unsigned char *poffsets = ppool + (size_t) ncols * 4; unsigned char *poffsets = ppool + (size_t) ncols * 4;
unsigned char *psizes = poffsets + (size_t) nused * ncols * 4; unsigned char *psizes = poffsets + (size_t) nused * ncols * 4;
unsigned char *pend = psizes + (size_t) nused * ncols * 4;
bool is_tu_index; bool is_tu_index;
struct cu_tu_set *this_set = NULL; struct cu_tu_set *this_set = NULL;
unsigned int row; unsigned int row;
unsigned char *prow; unsigned char *prow;
size_t temp;
is_tu_index = strcmp (section->name, ".debug_tu_index") == 0; is_tu_index = strcmp (section->name, ".debug_tu_index") == 0;
/* PR 17531: file: 0dd159bf. /* PR 17531: file: 0dd159bf.
Check for integer overflow (can occur when size_t is 32-bit) Check for integer overflow (can occur when size_t is 32-bit)
with overlarge ncols or nused values. */ with overlarge ncols or nused values. */
if (ncols > 0 if (nused == -1u
&& ((size_t) ncols * 4 / 4 != ncols || _mul_overflow ((size_t) ncols, 4, &temp)
|| (size_t) nused * ncols * 4 / ((size_t) ncols * 4) != nused || _mul_overflow ((size_t) nused + 1, temp, &total)
|| poffsets < ppool || poffsets > limit || total > (size_t) (limit - ppool))
|| psizes < poffsets || psizes > limit
|| pend < psizes || pend > limit))
{ {
warn (_("Section %s too small for offset and size tables\n"), warn (_("Section %s too small for offset and size tables\n"),
section->name); section->name);
@ -10502,25 +10499,10 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
{ {
size_t num_copy = sizeof (uint64_t); size_t num_copy = sizeof (uint64_t);
/* PR 23064: Beware of buffer overflow. */ memcpy (&this_set[row - 1].signature, ph, num_copy);
if (ph + num_copy < limit)
memcpy (&this_set[row - 1].signature, ph, num_copy);
else
{
warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
return 0;
}
} }
prow = poffsets + (row - 1) * ncols * 4; prow = poffsets + (row - 1) * ncols * 4;
/* PR 17531: file: b8ce60a8. */
if (prow < poffsets || prow > limit)
{
warn (_("Row index (%u) * num columns (%u) > space remaining in section\n"),
row, ncols);
return 0;
}
if (do_display) if (do_display)
printf (_(" [%3d] 0x%s"), printf (_(" [%3d] 0x%s"),
i, dwarf_vmatoa ("x", signature)); i, dwarf_vmatoa ("x", signature));