From 22869d73e127511e177a6bd855f9b5dbe22b9eca Mon Sep 17 00:00:00 2001
From: Keith Seitz
Date: Wed, 16 Apr 2014 14:39:10 -0700
Subject: [PATCH] PR gdb/15827 Install some sanity checks that sibling DIE offsets are not beyond the defined limits of the DWARF input buffer in read_partial_die and skip_one_die. 2014-03-20 Keith Seitz PR gdb/15827 * dwarf2read.c (skip_one_die): Check that all relative-offset sibling DIEs fall within range of the current reader's buffer. (read_partial_die): Likewise. 2014-03-20 Keith Seitz PR gdb/15827 * gdb.dwarf2/corrupt.c: New file. * gdb.dwarf2/corrupt.exp: New file.
---
 gdb/ChangeLog | 7 +++
 gdb/dwarf2read.c | 4 ++
 gdb/testsuite/ChangeLog | 6 +++
 gdb/testsuite/gdb.dwarf2/corrupt.c | 24 +++++++++
 gdb/testsuite/gdb.dwarf2/corrupt.exp | 77 ++++++++++++++++++++++++++++
 5 files changed, 118 insertions(+)
 create mode 100644 gdb/testsuite/gdb.dwarf2/corrupt.c
 create mode 100644 gdb/testsuite/gdb.dwarf2/corrupt.exp
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index cd35011f998..5ade869d563 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,10 @@
+2014-04-16 Keith Seitz
+
+ PR gdb/15827
+ * dwarf2read.c (skip_one_die): Check that all relative-offset
+ sibling DIEs fall within range of the current reader's buffer.
+ (read_partial_die): Likewise.
+
 2014-04-16 Keith Seitz PR c++/16597
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 6d1b90c2fb3..e72cc4bfe52 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -7104,6 +7104,8 @@ skip_one_die (const struct die_reader_specs *reader, const gdb_byte *info_ptr,
 if (sibling_ptr < info_ptr)
 complaint (&symfile_complaints,
 _("DW_AT_sibling points backwards"));
+ else if (sibling_ptr > reader->buffer_end)
+ dwarf2_section_buffer_overflow_complaint (reader->die_section);
 else
 return sibling_ptr;
 }
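Review bot: The new `sibling_ptr > reader->buffer_end` test runs only after the untrusted DW_AT_sibling offset has already been added to the buffer base (that addition sits above the hunk and is not visible here), so a hostile offset forms an out-of-buffer pointer before any check happens; in C that arithmetic is undefined, and a wrapped pointer can land below `info_ptr` and be reported as "points backwards" instead of as an overflow, while an optimizer that assumes no wrap may fold the comparison away. The robust form validates the raw offset against the buffer length first, i.e. reject it when it exceeds the `size_t` distance from the reader's buffer start to `reader->buffer_end`, and only then computes `sibling_ptr`. Note also that `>` admits `sibling_ptr == reader->buffer_end`; returning a one-past-the-end pointer is safe only if every caller treats it as end-of-data rather than reading an abbrev code there, which is worth confirming at the call sites and recording with `/* May equal buffer_end; callers must treat that as end of data.  */` on the return. skip_one_die starts and ends outside this hunk.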
@@ -15502,6 +15504,8 @@ read_partial_die (const struct die_reader_specs *reader,
 if (sibling_ptr < info_ptr)
 complaint (&symfile_complaints,
 _("DW_AT_sibling points backwards"));
+ else if (sibling_ptr > reader->buffer_end)
+ dwarf2_section_buffer_overflow_complaint (reader->die_section);
 else
 part_die->sibling = sibling_ptr;
 }
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index a7e7dcb623b..e7264a4ef19 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2014-04-16 Keith Seitz
+
+ PR gdb/15827
+ * gdb.dwarf2/corrupt.c: New file.
+ * gdb.dwarf2/corrupt.exp: New file.
+
 2014-04-16 Keith Seitz PR c++/16597
diff --git a/gdb/testsuite/gdb.dwarf2/corrupt.c b/gdb/testsuite/gdb.dwarf2/corrupt.c
new file mode 100644
index 00000000000..bcd5fd878ff
--- /dev/null
+++ b/gdb/testsuite/gdb.dwarf2/corrupt.c
@@ -0,0 +1,24 @@
+/* This testcase is part of GDB, the GNU debugger.
+
+ Copyright 2014 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see . */
+
+/* Dummy main function. */
+
+int
+main (void)
+{
+ return 0;
+}
diff --git a/gdb/testsuite/gdb.dwarf2/corrupt.exp b/gdb/testsuite/gdb.dwarf2/corrupt.exp
new file mode 100644
index 00000000000..048ae0cda91
--- /dev/null
+++ b/gdb/testsuite/gdb.dwarf2/corrupt.exp
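Review bot: The validation added here is the same three-way check (backwards, past `reader->buffer_end`, otherwise accept) with the same two complaints as the one added to skip_one_die, so the two copies will drift the next time the bound is tightened; factor it into one static helper that returns the validated pointer or NULL and call it from both sites. That also gives the check a single place to document, including that `>` deliberately accepts a sibling exactly at `reader->buffer_end`. read_partial_die begins and ends outside this hunk; on the new failure path `part_die->sibling` is left untouched, which presumably is the zeroed default, but that initialization is not visible here and is worth a one-line comment at the site.

```c
/* Validate the target of a DW_AT_sibling attribute.  INFO_PTR is the
   position of the DIE carrying the attribute and SIBLING_PTR its
   decoded target.  Returns SIBLING_PTR when it lies within
   [INFO_PTR, READER->buffer_end]; otherwise issues the matching
   complaint and returns NULL.  */
static const gdb_byte *
check_sibling_ptr (const struct die_reader_specs *reader,
		   const gdb_byte *info_ptr, const gdb_byte *sibling_ptr)
{
  if (sibling_ptr < info_ptr)
    complaint (&symfile_complaints, _("DW_AT_sibling points backwards"));
  else if (sibling_ptr > reader->buffer_end)
    dwarf2_section_buffer_overflow_complaint (reader->die_section);
  else
    return sibling_ptr;

  return NULL;
}

/* … unchanged: read_partial_die up to the DW_AT_sibling case … */
	  const gdb_byte *checked
	    = check_sibling_ptr (reader, info_ptr, sibling_ptr);
	  /* On failure part_die->sibling keeps its initial value.  */
	  if (checked != NULL)
	    part_die->sibling = checked;
```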
@@ -0,0 +1,77 @@
+# Copyright 2014 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# Test corrupt DWARF input
+# PR gdb/15827
+
+load_lib dwarf.exp
+
+if {![dwarf2_support]} {
+ return 0
+}
+
+standard_testfile corrupt.c corrupt.S
+
+# Make the DWARF used for the test.
+#
+# Here we put DW_AT_sibling DIEs into the output which
+# point off into la-la land. The whole purpose is to simulate
+# corrupt DWARF information and make sure that GDB can handle it
+# without crashing.
+
+set asm_file [standard_output_file $srcfile2]
+Dwarf::assemble $asm_file {
+ cu {} {
+ compile_unit {} {
+ declare_labels int_label
+
+ int_label: base_type {
+ {byte_size 4}
+ {name "int"}
+ }
+
+ enumeration_type {
+ {name "ENUM"}
+ {byte_size 4}
+ } {
+ enumerator {
+ {name "A"}
+ {const_value 0}
+ }
+ enumerator {
+ {name "B"}
+ {const_value 1}
+ {sibling 12345678 DW_FORM_ref4}
+ } {
+ base_type {
+ {byte_size 1}
+ {name "char"}
+ }
+ array_type {
+ {type :$int_label}
+ {sibling 12345678 DW_FORM_ref4}
+ }
+ }
+ }
+ }
+}
+
+if {[prepare_for_testing $testfile.exp $testfile \
+ [list $srcfile $asm_file] {nodebug}]} {
+ return -1
+}
+
+gdb_test "print 1" "= 1" "recover from corrupt DWARF"
-- 2.30.2
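Review bot: The test only checks that GDB survives loading the file (`gdb_test "print 1" "= 1"`), so it cannot tell the new range check firing apart from GDB silently accepting the bogus DW_AT_sibling and reading past the section without happening to crash; raising the complaint limit with `gdb_test_no_output "set complaints 100"` and re-loading the binary while matching the overflow complaint in the output would pin the intended behaviour, assuming the complaint text is stable enough to match. Both corrupt DIEs use the same forward value `{sibling 12345678 DW_FORM_ref4}`, so the "DW_AT_sibling points backwards" branch in dwarf2read.c is never exercised; a third DIE whose sibling offset is smaller than its own position would cover it. The constant itself deserves a comment such as `# 12345678 is far beyond the end of this tiny CU's .debug_info.` so a future reader does not mistake it for a real reference.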