+2016-03-15 Doug Evans <dje@google.com>
+
+ * target-descriptions.c (struct tdesc_type) <u.u.size>: Change type
+ from LONGEST to int.
+ (struct tdesc_type) <u.f.size>: Ditto.
+ (tdesc_set_struct_size): Change type of "size" arg from LONGEST
+ to int. Add assertion size > 0.
+ (tdesc_create_flags): Ditto.
+ * target-descriptions.h (tdesc_set_struct_size): Update.
+ (tdesc_create_flags): Update.
+ * xml-tdesc.c (MAX_FIELD_SIZE, MAX_FIELD_BITSIZE): New macros.
+ (MAX_VECTOR_SIZE): New macro.
+ (tdesc_start_struct): Catch conversion errors from LONGEST to int.
+ (tdesc_start_flags, tdesc_start_field, tdesc_start_vector): Ditto.
+
2016-03-15 Doug Evans <dje@google.com>
* target-descriptions.c (maint_print_c_tdesc_cmd): Use "type" for
int count);
struct tdesc_type *tdesc_create_struct (struct tdesc_feature *feature,
const char *name);
-void tdesc_set_struct_size (struct tdesc_type *type, LONGEST size);
+void tdesc_set_struct_size (struct tdesc_type *type, int size);
struct tdesc_type *tdesc_create_union (struct tdesc_feature *feature,
const char *name);
struct tdesc_type *tdesc_create_flags (struct tdesc_feature *feature,
const char *name,
- LONGEST size);
+ int size);
void tdesc_add_field (struct tdesc_type *type, const char *field_name,
struct tdesc_type *field_type);
void tdesc_add_bitfield (struct tdesc_type *type, const char *field_name,
#include "xml-support.h"
#include "xml-tdesc.h"
#include "osabi.h"
-
#include "filenames.h"
+/* Maximum sizes.
+ This is just to catch obviously wrong values. */
+#define MAX_FIELD_SIZE 65536
+#define MAX_FIELD_BITSIZE (MAX_FIELD_SIZE * TARGET_CHAR_BIT)
+#define MAX_VECTOR_SIZE 65536
+
#if !defined(HAVE_LIBEXPAT)
/* Parse DOCUMENT into a target description. Or don't, since we don't have
attr = xml_find_attribute (attributes, "size");
if (attr != NULL)
{
- int size = (int) * (ULONGEST *) attr->value;
+ ULONGEST size = * (ULONGEST *) attr->value;
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Struct size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
tdesc_set_struct_size (type, size);
data->current_type_size = size;
}
{
struct tdesc_parsing_data *data = (struct tdesc_parsing_data *) user_data;
char *id = (char *) xml_find_attribute (attributes, "id")->value;
- int length = (int) * (ULONGEST *)
+ ULONGEST size = * (ULONGEST *)
xml_find_attribute (attributes, "size")->value;
struct tdesc_type *type;
- type = tdesc_create_flags (data->current_feature, id, length);
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Flags size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
+ type = tdesc_create_flags (data->current_feature, id, size);
data->current_type = type;
data->current_type_size = 0;
attr = xml_find_attribute (attributes, "start");
if (attr != NULL)
- start = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_start = * (ULONGEST *) attr->value;
+
+ if (ul_start > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field start %s is larger than maximum (%d)"),
+ pulongest (ul_start), MAX_FIELD_BITSIZE);
+ }
+ start = ul_start;
+ }
else
start = -1;
attr = xml_find_attribute (attributes, "end");
if (attr != NULL)
- end = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_end = * (ULONGEST *) attr->value;
+
+ if (ul_end > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field end %s is larger than maximum (%d)"),
+ pulongest (ul_end), MAX_FIELD_BITSIZE);
+ }
+ end = ul_end;
+ }
else
end = -1;
struct gdb_xml_value *attrs = VEC_address (gdb_xml_value_s, attributes);
struct tdesc_type *field_type;
char *id, *field_type_id;
- int count;
+ ULONGEST count;
id = (char *) attrs[0].value;
field_type_id = (char *) attrs[1].value;
count = * (ULONGEST *) attrs[2].value;
+ if (count > MAX_VECTOR_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Vector size %s is larger than maximum (%d)"),
+ pulongest (count), MAX_VECTOR_SIZE);
+ }
+
field_type = tdesc_named_type (data->current_feature, field_type_id);
if (field_type == NULL)
gdb_xml_error (parser, _("Vector \"%s\" references undefined type \"%s\""),
projects / binutils-gdb.git / commitdiff