projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 452a569)
gdb/dwarf2read.c: Sanity check DW_AT_sibling values.
authorWill Newton <will.newton@linaro.org>
Fri, 1 Nov 2013 21:14:50 +0000 (14:14 -0700)
committerWill Newton <will.newton@linaro.org>
Wed, 6 Nov 2013 15:15:12 +0000 (15:15 +0000)
When reading objects with corrupt debug information it is possible that
the sibling chain can form a loop, which leads to an infinite loop and
memory exhaustion.

Avoid this situation by disregarding and DW_AT_sibling values that point
to a lower address than the current entry.

gdb/ChangeLog:

2013-11-06  Will Newton  <will.newton@linaro.org>

PR gdb/12866
* dwarf2read.c (skip_one_die): Sanity check DW_AT_sibling
values.  (read_partial_die): Likewise.

gdb/ChangeLog patch | blob | history
gdb/dwarf2read.c patch | blob | history

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index e721f029d99ec7affa2e0a87393ac480abe21e5e..45f92e8210e8f4aaeb49b511a438f529613c40aa 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@
+2013-11-06  Will Newton  <will.newton@linaro.org>
+
+       PR gdb/12866
+       * dwarf2read.c (skip_one_die): Sanity check DW_AT_sibling
+       values.  (read_partial_die): Likewise.
+
 2013-11-06  Muhammad Bilal  <mbilal@codesourcery.com>
 
        PR cli/16122
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 3974d0b2f8af7ec9bc97b9f3ed24cf6744bf5fd7..bc8e8ca6966c5173bcd043219147986804565730 100644 (file)
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -7016,7 +7016,16 @@ skip_one_die (const struct die_reader_specs *reader, const gdb_byte *info_ptr,
            complaint (&symfile_complaints,
                       _("ignoring absolute DW_AT_sibling"));
          else
-           return buffer + dwarf2_get_ref_die_offset (&attr).sect_off;
+           {
+             unsigned int off = dwarf2_get_ref_die_offset (&attr).sect_off;
+             const gdb_byte *sibling_ptr = buffer + off;
+
+             if (sibling_ptr < info_ptr)
+               complaint (&symfile_complaints,
+                          _("DW_AT_sibling points backwards"));
+             else
+               return sibling_ptr;
+           }
        }
 
       /* If it isn't DW_AT_sibling, skip this attribute.  */
@@ -15134,7 +15143,16 @@ read_partial_die (const struct die_reader_specs *reader,
            complaint (&symfile_complaints,
                       _("ignoring absolute DW_AT_sibling"));
          else
-           part_die->sibling = buffer + dwarf2_get_ref_die_offset (&attr).sect_off;
+           {
+             unsigned int off = dwarf2_get_ref_die_offset (&attr).sect_off;
+             const gdb_byte *sibling_ptr = buffer + off;
+
+             if (sibling_ptr < info_ptr)
+               complaint (&symfile_complaints,
+                          _("DW_AT_sibling points backwards"));
+             else
+               part_die->sibling = sibling_ptr;
+           }
          break;
         case DW_AT_byte_size:
           part_die->has_byte_size = 1;