diff options
author | Nick Clifton <nickc@redhat.com> | 2014-04-30 17:04:04 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-04-30 17:04:04 +0100 |
commit | a953eec996f2f93914cc78d68d4478a2660432b6 (patch) | |
tree | cfee3d9c40c75de51ab05c29e44fb241dcc836da | |
parent | 1cfdf5340af6f07bb44b97c278f7036ef8db5c43 (diff) | |
download | gdb-a953eec996f2f93914cc78d68d4478a2660432b6.zip gdb-a953eec996f2f93914cc78d68d4478a2660432b6.tar.gz gdb-a953eec996f2f93914cc78d68d4478a2660432b6.tar.bz2 |
Fixes a problem with the BFD library running out of memory because it mistakenly
thought that an uncompressed .debug_str section was compressed.
* compress.c (bfd_is_section_compressed): When checking the
.debug_str section, also check the fifth byte in the section is
not part of a string.
* binutils-all/debug_str.s: New test.
* binutils-all/debug_str.d: New test control file.
* binutils-all/compress.exp: Run debug_str test.
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/compress.c | 10 | ||||
-rw-r--r-- | binutils/testsuite/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/testsuite/binutils-all/compress.exp | 10 | ||||
-rw-r--r-- | binutils/testsuite/binutils-all/debug_str.d | 9 | ||||
-rw-r--r-- | binutils/testsuite/binutils-all/debug_str.s | 12 |
6 files changed, 53 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 4a4d3cf..414ebab 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2014-04-30 Nick Clifton <nickc@redhat.com> + + * compress.c (bfd_is_section_compressed): When checking the + .debug_str section, also check the fifth byte in the section is + not part of a string. + 2014-04-30 Alan Modra <amodra@gmail.com> * elf-eh-frame.c (struct cie.personality): Replace val with sym. diff --git a/bfd/compress.c b/bfd/compress.c index 5a289e6..20eef95 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -24,6 +24,7 @@ #ifdef HAVE_ZLIB_H #include <zlib.h> #endif +#include "safe-ctype.h" #ifdef HAVE_ZLIB_H static bfd_boolean @@ -303,6 +304,15 @@ bfd_is_section_compressed (bfd *abfd, sec_ptr sec) compressed = (bfd_get_section_contents (abfd, sec, compressed_buffer, 0, 12) && CONST_STRNEQ ((char*) compressed_buffer, "ZLIB")); + /* Check for the pathalogical case of a debug string section that + contains the string ZLIB.... as the first entry. We assume that + no uncompressed .debug_str section would ever be big enough to + have the first byte of its (big-endian) size be non-zero. */ + if (compressed + && strcmp (sec->name, ".debug_str") == 0 + && ISPRINT (compressed_buffer[4])) + compressed = FALSE; + /* Restore compress_status. */ sec->compress_status = saved; return compressed; diff --git a/binutils/testsuite/ChangeLog b/binutils/testsuite/ChangeLog index a308b63..1231a24 100644 --- a/binutils/testsuite/ChangeLog +++ b/binutils/testsuite/ChangeLog @@ -1,3 +1,9 @@ +2014-04-30 Nick Clifton <nickc@redhat.com> + + * binutils-all/debug_str.s: New test. + * binutils-all/debug_str.d: New test control file. + * binutils-all/compress.exp: Run debug_str test. + 2014-04-22 Christian Svensson <blue@cmd.nu> * binutils-all/objcopy.exp: Remove openrisc and or32 support. Add diff --git a/binutils/testsuite/binutils-all/compress.exp b/binutils/testsuite/binutils-all/compress.exp index 570425b..d74555d 100644 --- a/binutils/testsuite/binutils-all/compress.exp +++ b/binutils/testsuite/binutils-all/compress.exp @@ -173,3 +173,13 @@ if ![string match "" $got] then { fail "objcopy ($testname)" } } + +if ![is_remote host] { + set tempfile tmpdir/debug_str.o + set copyfile tmpdir/debug_str.copy +} else { + set tempfile [remote_download host tmpdir/debug_str.o] + set copyfile debug_str.copy +} + +run_dump_test "debug_str" diff --git a/binutils/testsuite/binutils-all/debug_str.d b/binutils/testsuite/binutils-all/debug_str.d new file mode 100644 index 0000000..eda1db1 --- /dev/null +++ b/binutils/testsuite/binutils-all/debug_str.d @@ -0,0 +1,9 @@ +#PROG: objcopy +#source: debug_str.s +#objdump: -h +#name: Uncompressed .debug_str section starting with ZLIB + +.*ebug_str.copy.o: file format .* +#... + . .debug_str 0+01. 0+0 0+0 0+0.. 2..0 +#... diff --git a/binutils/testsuite/binutils-all/debug_str.s b/binutils/testsuite/binutils-all/debug_str.s new file mode 100644 index 0000000..485d0cc --- /dev/null +++ b/binutils/testsuite/binutils-all/debug_str.s @@ -0,0 +1,12 @@ +/* This test is derived from a C source file which, when compiled by gcc + with debugging enabled, managed to create a .debug_str section whose + first string was ZLIB_VER_SUBVERSION. The code in bfd/compress.c + used to just check for the characters "ZLIB" at the start of a section + and then assume that the section was compressed. This meant that the BFD + library then processed the next 8 bytes as if they were the size of the + decompressed version of the section. Naturally with this test case the + resulting size was gigantic and consequently the library quickly ran out + of memory. */ + + .section .debug_str,"MS",@progbits,1 + .string "ZLIB_VER_SUBREVISION 0" |