/* dwarf.c -- display DWARF contents of a BFD binary file
- Copyright (C) 2005-2016 Free Software Foundation, Inc.
+ Copyright (C) 2005-2017 Free Software Foundation, Inc.
This file is part of GNU Binutils.
if (num_bytes)
{
- /* Printf does not have a way of specifiying a maximum field width for an
+ /* Printf does not have a way of specifying a maximum field width for an
integer value, so we print the full value into a buffer and then select
the precision we need. */
snprintf (ret, sizeof (buf[0].place), DWARF_VMA_FMT_LONG, value);
{
case DW_AT_frame_base:
have_frame_base = 1;
+ /* Fall through. */
case DW_AT_location:
case DW_AT_string_length:
case DW_AT_return_addr:
case DW_AT_frame_base:
have_frame_base = 1;
+ /* Fall through. */
case DW_AT_location:
case DW_AT_string_length:
case DW_AT_return_addr:
/* Traverse the Directory table just to count entries. */
data = standard_opcodes + linfo.li_opcode_base - 1;
+ /* PR 20440 */
+ if (data >= end)
+ {
+ warn (_("opcode base of %d extends beyond end of section\n"),
+ linfo.li_opcode_base);
+ return 0;
+ }
+
if (*data != 0)
{
unsigned char *ptr_directory_table = data;
- while (*data != 0)
+ while (data < end && *data != 0)
{
data += strnlen ((char *) data, end - data) + 1;
n_directories++;
}
+ /* PR 20440 */
+ if (data >= end)
+ {
+ warn (_("directory table ends unexpectedly\n"));
+ n_directories = 0;
+ break;
+ }
+
/* Go through the directory table again to save the directories. */
directory_table = (unsigned char **)
xmalloc (n_directories * sizeof (unsigned char *));
data++;
/* Traverse the File Name table just to count the entries. */
- if (*data != 0)
+ if (data < end && *data != 0)
{
unsigned char *ptr_file_name_table = data;
- while (*data != 0)
+ while (data < end && *data != 0)
{
unsigned int bytes_read;
n_files++;
}
+ if (data >= end)
+ {
+ warn (_("file table ends unexpectedly\n"));
+ n_files = 0;
+ break;
+ }
+
/* Go through the file table again to save the strings. */
file_table = (File_Entry *) xmalloc (n_files * sizeof (File_Entry));
else
{
unsigned int ix = file_table[0].directory_index;
- const char *directory = ix ? (char *)directory_table[ix - 1] : ".";
+ const char *directory;
+
+ if (ix == 0)
+ directory = ".";
+ /* PR 20439 */
+ else if (n_directories == 0)
+ directory = _("<unknown>");
+ else if (ix > n_directories)
+ {
+ warn (_("directory index %u > number of directories %u\n"), ix, n_directories);
+ directory = _("<corrupt>");
+ }
+ else
+ directory = (char *) directory_table[ix - 1];
if (do_wide || strlen (directory) < 76)
printf (_("CU: %s/%s:\n"), directory, file_table[0].name);
data += bytes_read;
state_machine_regs.file = adv;
- if (file_table == NULL)
- printf (_("\n [Use file table entry %d]\n"), state_machine_regs.file - 1);
- else if (file_table[state_machine_regs.file - 1].directory_index == 0)
- /* If directory index is 0, that means current directory. */
- printf ("\n./%s:[++]\n",
- file_table[state_machine_regs.file - 1].name);
- else if (directory_table == NULL)
- printf (_("\n [Use directory table entry %d]\n"),
- file_table[state_machine_regs.file - 1].directory_index - 1);
- else
- /* The directory index starts counting at 1. */
- printf ("\n%s/%s:\n",
- directory_table[file_table[state_machine_regs.file - 1].directory_index - 1],
- file_table[state_machine_regs.file - 1].name);
+ {
+ unsigned file = state_machine_regs.file - 1;
+ unsigned dir;
+
+ if (file_table == NULL || n_files == 0)
+ printf (_("\n [Use file table entry %d]\n"), file);
+ /* PR 20439 */
+ else if (file >= n_files)
+ {
+ warn (_("file index %u > number of files %u\n"), file + 1, n_files);
+ printf (_("\n <over large file table index %u>"), file);
+ }
+ else if ((dir = file_table[file].directory_index) == 0)
+ /* If directory index is 0, that means current directory. */
+ printf ("\n./%s:[++]\n", file_table[file].name);
+ else if (directory_table == NULL || n_directories == 0)
+ printf (_("\n [Use file %s in directory table entry %d]\n"),
+ file_table[file].name, dir);
+ /* PR 20439 */
+ else if (dir > n_directories)
+ {
+ warn (_("directory index %u > number of directories %u\n"), dir, n_directories);
+ printf (_("\n <over large directory table entry %u>\n"), dir);
+ }
+ else
+ printf ("\n%s/%s:\n",
+ /* The directory index starts counting at 1. */
+ directory_table[dir - 1], file_table[file].name);
+ }
break;
case DW_LNS_set_column:
size_t fileNameLength;
if (file_table)
- fileName = (char *) file_table[state_machine_regs.file - 1].name;
+ {
+ unsigned indx = state_machine_regs.file - 1;
+ /* PR 20439 */
+ if (indx >= n_files)
+ {
+ warn (_("corrupt file index %u encountered\n"), indx);
+ fileName = _("<corrupt>");
+ }
+ else
+ fileName = (char *) file_table[indx].name;
+ }
else
- fileName = "<unknown>";
+ fileName = _("<unknown>");
fileNameLength = strlen (fileName);
unsigned int r;
char tmp[100];
- if (*max_regs < fc->ncols)
+ if (*max_regs != fc->ncols)
*max_regs = fc->ncols;
if (*need_col_headers)
if (fc->col_type[r] != DW_CFA_unreferenced)
{
if (r == fc->ra)
- printf ("ra ");
+ printf ("ra ");
else
printf ("%-5s ", regname (r, 1));
}
break;
case DW_CFA_restore:
- if (opa >= (unsigned int) cie->ncols
- || opa >= (unsigned int) fc->ncols)
+ if (opa >= (unsigned int) fc->ncols)
reg_prefix = bad_reg;
if (! do_debug_frames_interp || *reg_prefix != '\0')
printf (" DW_CFA_restore: %s%s\n",
reg_prefix, regname (opa, 0));
- if (*reg_prefix == '\0')
+ if (*reg_prefix != '\0')
+ break;
+
+ if (opa >= (unsigned int) cie->ncols
+ || (do_debug_frames_interp
+ && cie->col_type[opa] == DW_CFA_unreferenced))
+ {
+ fc->col_type[opa] = DW_CFA_undefined;
+ fc->col_offset[opa] = 0;
+ }
+ else
{
fc->col_type[opa] = cie->col_type[opa];
fc->col_offset[opa] = cie->col_offset[opa];
- if (do_debug_frames_interp
- && fc->col_type[opa] == DW_CFA_unreferenced)
- fc->col_type[opa] = DW_CFA_undefined;
}
break;
if (reg >= (unsigned int) fc->ncols)
reg_prefix = bad_reg;
if (! do_debug_frames_interp || *reg_prefix != '\0')
- printf (" DW_CFA_val_offset: %s%s at cfa%+ld\n",
+ printf (" DW_CFA_val_offset: %s%s is cfa%+ld\n",
reg_prefix, regname (reg, 0),
roffs * fc->data_factor);
if (*reg_prefix == '\0')
case DW_CFA_restore_extended:
reg = LEB ();
- if (reg >= (unsigned int) cie->ncols
- || reg >= (unsigned int) fc->ncols)
+ if (reg >= (unsigned int) fc->ncols)
reg_prefix = bad_reg;
if (! do_debug_frames_interp || *reg_prefix != '\0')
printf (" DW_CFA_restore_extended: %s%s\n",
reg_prefix, regname (reg, 0));
- if (*reg_prefix == '\0')
+ if (*reg_prefix != '\0')
+ break;
+
+ if (reg >= (unsigned int) cie->ncols)
+ {
+ fc->col_type[reg] = DW_CFA_undefined;
+ fc->col_offset[reg] = 0;
+ }
+ else
{
fc->col_type[reg] = cie->col_type[reg];
fc->col_offset[reg] = cie->col_offset[reg];
if (frame_need_space (fc, reg) < 0)
reg_prefix = bad_reg;
if (! do_debug_frames_interp || *reg_prefix != '\0')
- printf (" DW_CFA_val_offset_sf: %s%s at cfa%+ld\n",
+ printf (" DW_CFA_val_offset_sf: %s%s is cfa%+ld\n",
reg_prefix, regname (reg, 0),
(long)(l * fc->data_factor));
if (*reg_prefix == '\0')
{ "macro", & do_debug_macinfo, 1 },
{ "pubnames", & do_debug_pubnames, 1 },
{ "pubtypes", & do_debug_pubtypes, 1 },
- /* This entry is for compatability
+ /* This entry is for compatibility
with earlier versions of readelf. */
{ "ranges", & do_debug_aranges, 1 },
{ "rawline", & do_debug_lines, FLAG_DEBUG_LINES_RAW },
case 'F':
do_debug_frames_interp = 1;
+ /* Fall through. */
case 'f':
do_debug_frames = 1;
break;