projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aed4428)
Revert previous delta to debug.c. Replace with patch to reject indirect types that...
authorPavel Mayorov <pmayorov@cloudlinux.com>
Fri, 7 Jan 2022 12:34:37 +0000 (12:34 +0000)
committerNick Clifton <nickc@redhat.com>
Fri, 7 Jan 2022 12:34:37 +0000 (12:34 +0000)
PR 28718
* dwarf.c: Revert previous delta.
(debug_get_real_type): Reject indirect types that point to
indirect types.
(debug_get_type_name, debug_get_type_size, debug_write_type):
Likewise.

binutils/ChangeLog patch | blob | history
binutils/debug.c patch | blob | history

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 0b34eadcdc3cb3a5f66e41dbb5a7a461fc2b7c22..ff25db288a7de142a816ab89d4443306956a6bef 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,6 +1,14 @@
-2022-01-06  Nick Clifton  <nickc@redhat.com>
+2022-01-07  Pavel Mayorov  <pmayorov@cloudlinux.com>
 
        PR 28718
+       * dwarf.c: Revert previous delta.
+       (debug_get_real_type): Reject indirect types that point to
+       indirect types.
+       (debug_get_type_name, debug_get_type_size, debug_write_type):
+       Likewise.
+
+2022-01-06  Nick Clifton  <nickc@redhat.com>
+
        * debug.c (debug_write_type): Allow for malicious recursion via
        indirect debug types.
 
diff --git a/binutils/debug.c b/binutils/debug.c
index 5866365247a5bec12c6dea8ee7703303adf132fe..3f8998af7cd2bda0f2783c1ff5c9f432a2d474dd 100644 (file)
--- a/binutils/debug.c
+++ b/binutils/debug.c
@@ -2065,7 +2065,9 @@ debug_get_real_type (void *handle, debug_type type,
       /* The default case is just here to avoid warnings.  */
     default:
     case DEBUG_KIND_INDIRECT:
-      if (*type->u.kindirect->slot != NULL)
+      /* A valid non-self-referencing indirect type.  */
+      if (*type->u.kindirect->slot != NULL
+         && *type->u.kindirect->slot != type)
        return debug_get_real_type (handle, *type->u.kindirect->slot, &rl);
       return type;
     case DEBUG_KIND_NAMED:
@@ -2095,7 +2097,9 @@ debug_get_type_name (void *handle, debug_type type)
 {
   if (type->kind == DEBUG_KIND_INDIRECT)
     {
-      if (*type->u.kindirect->slot != NULL)
+      /* A valid non-self-referencing indirect type.  */
+      if (*type->u.kindirect->slot != NULL
+         && *type->u.kindirect->slot != type)
        return debug_get_type_name (handle, *type->u.kindirect->slot);
       return type->u.kindirect->tag;
     }
@@ -2124,7 +2128,9 @@ debug_get_type_size (void *handle, debug_type type)
     default:
       return 0;
     case DEBUG_KIND_INDIRECT:
-      if (*type->u.kindirect->slot != NULL)
+      /* A valid non-self-referencing indirect type.  */
+      if (*type->u.kindirect->slot != NULL
+         && *type->u.kindirect->slot != type)
        return debug_get_type_size (handle, *type->u.kindirect->slot);
       return 0;
     case DEBUG_KIND_NAMED:
@@ -2484,22 +2490,11 @@ debug_write_type (struct debug_handle *info,
       debug_error (_("debug_write_type: illegal type encountered"));
       return false;
     case DEBUG_KIND_INDIRECT:
-      /* PR 28718: Allow for malicious recursion.  */
-      {
-       static int recursion_depth = 0;
-       bool result;
-
-       if (recursion_depth > 256)
-         {
-           debug_error (_("debug_write_type: too many levels of nested indirection"));
-           return false;
-         }
-       ++ recursion_depth;
-       result = debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
-                                 name);
-       -- recursion_depth;
-       return result;
-      }
+      /* Prevent infinite recursion.  */
+      if (*type->u.kindirect->slot == type)
+       return (*fns->empty_type) (fhandle);
+      return debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
+                              name);
     case DEBUG_KIND_VOID:
       return (*fns->void_type) (fhandle);
     case DEBUG_KIND_INT: