diff options
| author | Pavel Mayorov <pmayorov@cloudlinux.com> | 2022-01-07 12:34:37 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2022-01-07 12:34:37 +0000 |
| commit | 0e9f1c04b9572920c7f940203a67d5af3f6c19f6 (patch) | |
| tree | efb31147230285e336d7ca49bb37e926d955905f | |
| parent | aed44286efa8ae8717a77d94b51ac3614e2ca6dc (diff) | |
| download | binutils-0e9f1c04b9572920c7f940203a67d5af3f6c19f6.zip binutils-0e9f1c04b9572920c7f940203a67d5af3f6c19f6.tar.gz binutils-0e9f1c04b9572920c7f940203a67d5af3f6c19f6.tar.bz2 | |
Revert previous delta to debug.c. Replace with patch to reject indirect types that point to indirect types.
PR 28718
* dwarf.c: Revert previous delta.
(debug_get_real_type): Reject indirect types that point to
indirect types.
(debug_get_type_name, debug_get_type_size, debug_write_type):
Likewise.
| -rw-r--r-- | binutils/ChangeLog | 10 | ||||
| -rw-r--r-- | binutils/debug.c | 33 |
2 files changed, 23 insertions, 20 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 0b34ead..ff25db2 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,6 +1,14 @@ -2022-01-06 Nick Clifton <nickc@redhat.com> +2022-01-07 Pavel Mayorov <pmayorov@cloudlinux.com> PR 28718 + * dwarf.c: Revert previous delta. + (debug_get_real_type): Reject indirect types that point to + indirect types. + (debug_get_type_name, debug_get_type_size, debug_write_type): + Likewise. + +2022-01-06 Nick Clifton <nickc@redhat.com> + * debug.c (debug_write_type): Allow for malicious recursion via indirect debug types. diff --git a/binutils/debug.c b/binutils/debug.c index 5866365..3f8998a 100644 --- a/binutils/debug.c +++ b/binutils/debug.c @@ -2065,7 +2065,9 @@ debug_get_real_type (void *handle, debug_type type, /* The default case is just here to avoid warnings. */ default: case DEBUG_KIND_INDIRECT: - if (*type->u.kindirect->slot != NULL) + /* A valid non-self-referencing indirect type. */ + if (*type->u.kindirect->slot != NULL + && *type->u.kindirect->slot != type) return debug_get_real_type (handle, *type->u.kindirect->slot, &rl); return type; case DEBUG_KIND_NAMED: @@ -2095,7 +2097,9 @@ debug_get_type_name (void *handle, debug_type type) { if (type->kind == DEBUG_KIND_INDIRECT) { - if (*type->u.kindirect->slot != NULL) + /* A valid non-self-referencing indirect type. */ + if (*type->u.kindirect->slot != NULL + && *type->u.kindirect->slot != type) return debug_get_type_name (handle, *type->u.kindirect->slot); return type->u.kindirect->tag; } @@ -2124,7 +2128,9 @@ debug_get_type_size (void *handle, debug_type type) default: return 0; case DEBUG_KIND_INDIRECT: - if (*type->u.kindirect->slot != NULL) + /* A valid non-self-referencing indirect type. */ + if (*type->u.kindirect->slot != NULL + && *type->u.kindirect->slot != type) return debug_get_type_size (handle, *type->u.kindirect->slot); return 0; case DEBUG_KIND_NAMED: @@ -2484,22 +2490,11 @@ debug_write_type (struct debug_handle *info, debug_error (_("debug_write_type: illegal type encountered")); return false; case DEBUG_KIND_INDIRECT: - /* PR 28718: Allow for malicious recursion. */ - { - static int recursion_depth = 0; - bool result; - - if (recursion_depth > 256) - { - debug_error (_("debug_write_type: too many levels of nested indirection")); - return false; - } - ++ recursion_depth; - result = debug_write_type (info, fns, fhandle, *type->u.kindirect->slot, - name); - -- recursion_depth; - return result; - } + /* Prevent infinite recursion. */ + if (*type->u.kindirect->slot == type) + return (*fns->empty_type) (fhandle); + return debug_write_type (info, fns, fhandle, *type->u.kindirect->slot, + name); case DEBUG_KIND_VOID: return (*fns->void_type) (fhandle); case DEBUG_KIND_INT: |