gdb: Guard against NULL dereference in dwarf2_init_integer_type

In this commit: commit eb77c9df9f6d2f7aa644a170280fe31ce080f887 Date: Thu Oct 18 14:04:27 2018 +0100 gdb: Handle ICC's unexpected void return type A potential dereference of a NULL pointer was introduced if a DW_TAG_base_type is missing a DW_AT_name attribute. I have taken this opportunity to fix a slight confusion that existed in the test also added in the above commit, the test had two C variables, declared like this: int var_a = 5; void *var_ptr = &var_a; However, the fake DWARF in the test script declared them like this: void var_a = 5; void *var_ptr = &var_a; This wasn't a problem as the test never uses 'var_a' directly, this only exists so 'var_ptr' can be initialised. However, it seemed worth fixing. I've also added a test for a DW_TAG_base_type with a missing DW_AT_name, as clearly there's not test currently that covers this (the original patch tested cleanly). I can confirm that the new test causes GDB to crash before this patch, and passes with this patch. gdb/ChangeLog: * dwarf2read.c (dwarf2_init_integer_type): Check for name being NULL before dereferencing it. gdb/testsuite/ChangeLog: * gdb.dwarf2/void-type.exp: Rename types, and make var_a an 'int'. * gdb.dwarf2/missing-type-name.exp: New file.
author: Andrew Burgess <andrew.burgess@embecosm.com> 2018-11-06 19:55:21 +0000
committer: Andrew Burgess <andrew.burgess@embecosm.com> 2018-11-07 12:58:56 +0000
commit: 35ee2dc2e4de8b1ae73f420d5db3375f92300b70 (patch)
tree: 0e3bf62a6485e3d8d9345ed6d3a404919ab43076
parent: 42d4c301c45df41d1c724b7b86f8683a875c010a (diff)
download: gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.zip
gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.tar.gz
gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.tar.bz2
5 files changed, 141 insertions, 7 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 92a69c3..f7d1de5 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-07  Andrew Burgess  <andrew.burgess@embecosm.com>
+
+	* dwarf2read.c (dwarf2_init_integer_type): Check for name being
+	NULL before dereferencing it.
+
 2018-11-06  Tom de Vries  <tdevries@suse.de>
 
 	* linux-tdep.c (linux_vsyscall_range_raw): Use xmalloc to allocate
diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index b237c81..d2a8cd4 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -17522,7 +17522,8 @@ dwarf2_init_integer_type (struct dwarf2_cu *cu, struct objfile *objfile,
   /* Versions of Intel's C Compiler generate an integer type called "void"
      instead of using DW_TAG_unspecified_type.  This has been seen on
      at least versions 14, 17, and 18.  */
-  if (bits == 0 && producer_is_icc (cu) && strcmp (name, "void") == 0)
+  if (bits == 0 && producer_is_icc (cu) && name != nullptr
+      && strcmp (name, "void") == 0)
     type = objfile_type (objfile)->builtin_void;
   else
     type = init_integer_type (objfile, bits, unsigned_p, name);
diff --git a/gdb/testsuite/ChangeLog b/gdb/testsuite/ChangeLog
index b528190..eaed8d7 100644
--- a/gdb/testsuite/ChangeLog
+++ b/gdb/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-07  Andrew Burgess  <andrew.burgess@embecosm.com>
+
+	* gdb.dwarf2/void-type.exp: Rename types, and make var_a an 'int'.
+	* gdb.dwarf2/missing-type-name.exp: New file.
+
 2018-11-06  Tom de Vries  <tdevries@suse.de>
 
 	* gdb.base/many-headers.c: New test.
diff --git a/gdb/testsuite/gdb.dwarf2/missing-type-name.exp b/gdb/testsuite/gdb.dwarf2/missing-type-name.exp
new file mode 100644
index 0000000..62d46e4
--- /dev/null
+++ b/gdb/testsuite/gdb.dwarf2/missing-type-name.exp
@@ -0,0 +1,123 @@
+# Copyright 2018 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This tests some non-standard DWARF that we still expect GDB to be
+# able to handle.
+#
+# The DWARF standard (v5 5.1) says this:
+#
+#     A base type is represented by a debugging information entry with
+#     the tag DW_TAG_base_type.
+#
+#     A base type entry may have a DW_AT_name attribute whose value is
+#     a null-terminated string containing the name of the base type as
+#     recognized by the programming language of the compilation unit
+#     containing the base type entry.
+#
+# So the DW_AT_name field for a DW_TAG_base_type is optional.  This
+# test provides some basic checking that GDB doesn't crash when
+# presented with this situation.
+
+load_lib dwarf.exp
+
+# This test can only be run on targets which support DWARF-2 and use gas.
+if {![dwarf2_support]} {
+    return 0
+}
+
+standard_testfile void-type.c void-type.S
+
+# Make some DWARF for the test.
+set asm_file [standard_output_file $srcfile2]
+Dwarf::assemble $asm_file {
+    global srcdir subdir srcfile
+
+    set func_result [function_range func ${srcdir}/${subdir}/${srcfile}]
+    set func_start [lindex $func_result 0]
+    set func_length [lindex $func_result 1]
+
+    set main_result [function_range main ${srcdir}/${subdir}/${srcfile}]
+    set main_start [lindex $main_result 0]
+    set main_length [lindex $main_result 1]
+
+    cu {} {
+	DW_TAG_compile_unit {
+	        {DW_AT_producer "GNU C 8.1"}
+                {DW_AT_language @DW_LANG_C}
+                {DW_AT_name     void-type.c}
+                {DW_AT_comp_dir /tmp}
+        } {
+	    declare_labels main_type int_type ptr_type
+
+	    main_type: DW_TAG_base_type {
+		{DW_AT_byte_size 4 DW_FORM_sdata}
+		{DW_AT_encoding  @DW_ATE_signed}
+	    }
+
+	    int_type: DW_TAG_base_type {
+		{DW_AT_byte_size 0 DW_FORM_sdata}
+		{DW_AT_encoding  @DW_ATE_signed}
+	    }
+
+	    ptr_type: DW_TAG_pointer_type {
+		{DW_AT_type :$int_type}
+	    }
+
+            DW_TAG_subprogram {
+                {name func}
+                {low_pc $func_start addr}
+                {high_pc "$func_start + $func_length" addr}
+                {type :$int_type}
+	    }
+            DW_TAG_subprogram {
+                {name main}
+                {low_pc $main_start addr}
+                {high_pc "$main_start + $main_length" addr}
+                {type :$main_type}
+	    }
+
+	    DW_TAG_variable {
+		{DW_AT_name "var_a"}
+		{DW_AT_type :$main_type}
+		{DW_AT_external 1 DW_FORM_flag}
+		{DW_AT_location {DW_OP_addr [gdb_target_symbol "var_a"]} SPECIAL_expr}
+	    }
+
+	    DW_TAG_variable {
+		{DW_AT_name "var_ptr"}
+		{DW_AT_type :$ptr_type}
+		{DW_AT_external 1 DW_FORM_flag}
+		{DW_AT_location {DW_OP_addr [gdb_target_symbol "var_ptr"]} SPECIAL_expr}
+	    }
+	}
+    }
+}
+
+if { [prepare_for_testing "failed to prepare" ${testfile} \
+	  [list $srcfile $asm_file] {nodebug}] } {
+    return -1
+}
+
+if ![runto_main] {
+    return -1
+}
+
+# Use 'ptype' on two variables that are using DW_TAG_base_type types
+# with missing DW_AT_name attributes.
+gdb_test "ptype var_ptr" "type = <invalid type code $decimal> \\*" \
+    "ptype of a pointer to a basic type with missing name"
+
+gdb_test "ptype var_a" "type = <invalid type code $decimal>" \
+    "ptype of a variable that is a basic type with a missing name"
diff --git a/gdb/testsuite/gdb.dwarf2/void-type.exp b/gdb/testsuite/gdb.dwarf2/void-type.exp
index 3691bff..4367eee 100644
--- a/gdb/testsuite/gdb.dwarf2/void-type.exp
+++ b/gdb/testsuite/gdb.dwarf2/void-type.exp
@@ -53,35 +53,35 @@ Dwarf::assemble $asm_file {
                 {DW_AT_name     void-type.c}
                 {DW_AT_comp_dir /tmp}
         } {
-	    declare_labels main_type int_type ptr_type
+	    declare_labels int_type void_type ptr_type
 
-	    main_type: DW_TAG_base_type {
+	    int_type: DW_TAG_base_type {
 		{DW_AT_byte_size 4 DW_FORM_sdata}
 		{DW_AT_encoding  @DW_ATE_signed}
 		{DW_AT_name      int}
 	    }
 
-	    int_type: DW_TAG_base_type {
+	    void_type: DW_TAG_base_type {
 		{DW_AT_byte_size 0 DW_FORM_sdata}
 		{DW_AT_encoding  @DW_ATE_signed}
 		{DW_AT_name      void}
 	    }
 
 	    ptr_type: DW_TAG_pointer_type {
-		{DW_AT_type :$int_type}
+		{DW_AT_type :$void_type}
 	    }
 
             DW_TAG_subprogram {
                 {name func}
                 {low_pc $func_start addr}
                 {high_pc "$func_start + $func_length" addr}
-                {type :$int_type}
+                {type :$void_type}
 	    }
             DW_TAG_subprogram {
                 {name main}
                 {low_pc $main_start addr}
                 {high_pc "$main_start + $main_length" addr}
-                {type :$main_type}
+                {type :$int_type}
 	    }
 
 	    DW_TAG_variable {
author	Andrew Burgess <andrew.burgess@embecosm.com>	2018-11-06 19:55:21 +0000
committer	Andrew Burgess <andrew.burgess@embecosm.com>	2018-11-07 12:58:56 +0000
commit	35ee2dc2e4de8b1ae73f420d5db3375f92300b70 (patch)
tree	0e3bf62a6485e3d8d9345ed6d3a404919ab43076
parent	42d4c301c45df41d1c724b7b86f8683a875c010a (diff)
download	gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.zip gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.tar.gz gdb-35ee2dc2e4de8b1ae73f420d5db3375f92300b70.tar.bz2