espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-22 02:50:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Sanity check loc_offsets index

Browse Source 
Fixes a segfault found by the fuzzers.

	* dwarf.c (fetch_indexed_value): Return -1 on error.
	(read_and_display_attr_value): Don't display string when
	fetch_indexed_value returns an error.  Sanity check loc_offsets
	index.
This commit is contained in:
Alan Modra
2022-08-04 21:43:22 +09:30
parent 188bc85476
commit dfbc689c69
1 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
binutils/dwarf.c
View File

@ -779,7 +779,7 @@ fetch_indexed_addr (dwarf_vma offset, uint32_t num_bytes)
/* Fetch a value from a debug section that has been indexed by /* Fetch a value from a debug section that has been indexed by
something in another section (eg DW_FORM_loclistx or DW_FORM_rnglistx). something in another section (eg DW_FORM_loclistx or DW_FORM_rnglistx).
Returns 0 if the value could not be found. */ Returns -1 if the value could not be found. */
static dwarf_vma static dwarf_vma
fetch_indexed_value (dwarf_vma idx, fetch_indexed_value (dwarf_vma idx,
@ -791,7 +791,7 @@ fetch_indexed_value (dwarf_vma idx,
if (section->start == NULL) if (section->start == NULL)
{ {
warn (_("Unable to locate %s section\n"), section->uncompressed_name); warn (_("Unable to locate %s section\n"), section->uncompressed_name);
return 0; return -1;
} }
uint32_t pointer_size, bias; uint32_t pointer_size, bias;
@ -820,7 +820,7 @@ fetch_indexed_value (dwarf_vma idx,
{ {
warn (_("Offset into section %s too big: 0x%s\n"), warn (_("Offset into section %s too big: 0x%s\n"),
section->name, dwarf_vmatoa ("x", offset)); section->name, dwarf_vmatoa ("x", offset));
return 0; return -1;
} }
return byte_get (section->start + offset, pointer_size); return byte_get (section->start + offset, pointer_size);
@ -2782,7 +2782,8 @@ read_and_display_attr_value (unsigned long attribute,
if (dwo) if (dwo)
{ {
idx = fetch_indexed_value (uvalue, loclists_dwo, 0); idx = fetch_indexed_value (uvalue, loclists_dwo, 0);
idx += (offset_size == 8) ? 20 : 12; if (idx != (dwarf_vma) -1)
idx += (offset_size == 8) ? 20 : 12;
} }
else if (debug_info_p == NULL) else if (debug_info_p == NULL)
{ {
@ -2795,7 +2796,13 @@ read_and_display_attr_value (unsigned long attribute,
idx += debug_info_p->loclists_base; idx += debug_info_p->loclists_base;
Fortunately we already have that sum cached in the Fortunately we already have that sum cached in the
loc_offsets array. */ loc_offsets array. */
idx = debug_info_p->loc_offsets [uvalue]; if (uvalue < debug_info_p->num_loc_offsets)
idx = debug_info_p->loc_offsets [uvalue];
else
{
warn (_("loc_offset %" PRIu64 " too big\n"), uvalue);
idx = -1;
}
} }
} }
else if (form == DW_FORM_rnglistx) else if (form == DW_FORM_rnglistx)
@ -2803,7 +2810,8 @@ read_and_display_attr_value (unsigned long attribute,
if (dwo) if (dwo)
{ {
idx = fetch_indexed_value (uvalue, rnglists_dwo, 0); idx = fetch_indexed_value (uvalue, rnglists_dwo, 0);
idx += (offset_size == 8) ? 20 : 12; if (idx != (dwarf_vma) -1)
idx += (offset_size == 8) ? 20 : 12;
} }
else else
{ {
@ -2814,7 +2822,8 @@ read_and_display_attr_value (unsigned long attribute,
/* We do not have a cached value this time, so we perform the /* We do not have a cached value this time, so we perform the
computation manually. */ computation manually. */
idx = fetch_indexed_value (uvalue, rnglists, base); idx = fetch_indexed_value (uvalue, rnglists, base);
idx += base; if (idx != (dwarf_vma) -1)
idx += base;
} }
} }
else else
@ -2831,9 +2840,10 @@ read_and_display_attr_value (unsigned long attribute,
} }
/* We have already displayed the form name. */ /* We have already displayed the form name. */
printf (_("%c(index: 0x%s): %s"), delimiter, if (idx != (dwarf_vma) -1)
dwarf_vmatoa ("x", uvalue), printf (_("%c(index: 0x%s): %s"), delimiter,
dwarf_vmatoa ("x", idx)); dwarf_vmatoa ("x", uvalue),
dwarf_vmatoa ("x", idx));
} }
break; break;