diff options
author | Alan Modra <amodra@gmail.com> | 2021-05-21 22:34:34 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2021-05-22 17:23:24 +0930 |
commit | 574ec1084d28ee56710ea48eb072e5c47226d247 (patch) | |
tree | 896e94db8291202128699acf9feec022f8a25db7 /bfd/wasm-module.c | |
parent | 1f1fb219fdc4f96fd967e6173e9090c4c4917e96 (diff) | |
download | gdb-574ec1084d28ee56710ea48eb072e5c47226d247.zip gdb-574ec1084d28ee56710ea48eb072e5c47226d247.tar.gz gdb-574ec1084d28ee56710ea48eb072e5c47226d247.tar.bz2 |
bfd dwarf2 sanity checking
This patch is aimed at the many places in dwarf2.c that blindly
increment a data pointer after calling functions that are meant to
read a fixed number of bytes. The problem with that is with damaged
dwarf we might increment a data pointer past the end of data, which is
UB and complicates (ie. bugs likely) any further use of that data
pointer. To fix those problems, I've moved incrementing of the data
pointer into the functions that do the reads. _bfd_safe_read_leb128
gets the same treatment for consistency.
* libbfd.c (_bfd_safe_read_leb128): Remove length_return parameter.
Replace data pointer with pointer to pointer. Increment pointer
over bytes read.
* libbfd-in.h (_bfd_safe_read_leb128): Update prototype.
* elf-attrs.c (_bfd_elf_parse_attributes): Adjust to suit. Be
careful not to increment data pointer past end. Remove now
redundant pr17512 check.
* wasm-module.c (READ_LEB128): Adjust to suit changes to
_bfd_safe_read_leb128.
* dwarf2.c (read_n_bytes): New inline function, old one renamed to..
(read_blk): ..this. Allocate and return block. Increment bfd_byte**
arg.
(read_3_bytes): New function.
(read_1_byte, read_1_signed_byte, read_2_bytes, read_4_bytes),
(read_8_bytes, read_string, read_indirect_string),
(read_indirect_line_string, read_alt_indirect_string): Take a
byte_byte** arg which is incremented over bytes read. Remove any
bytes_read return. Rewrite limit checks to compare lengths
rather than pointers.
(read_abbrevs, read_attribute_value, read_formatted_entries),
(decode_line_info, find_abstract_instance, read_ranges),
(read_rnglists, scan_unit_for_symbols, parse_comp_unit),
(stash_comp_unit): Adjust to suit. Rewrite limit checks to
compare lengths rather than pointers.
* libbfd.h: Regenerate.
Diffstat (limited to 'bfd/wasm-module.c')
-rw-r--r-- | bfd/wasm-module.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/bfd/wasm-module.c b/bfd/wasm-module.c index 5729e05..9735ebe 100644 --- a/bfd/wasm-module.c +++ b/bfd/wasm-module.c @@ -182,12 +182,9 @@ wasm_write_uleb128 (bfd *abfd, bfd_vma v) #define READ_LEB128(x, p, end) \ do \ { \ - unsigned int length_read; \ - (x) = _bfd_safe_read_leb128 (abfd, (p), &length_read, \ - false, (end)); \ - (p) += length_read; \ - if (length_read == 0) \ + if ((p) >= (end)) \ goto error_return; \ + (x) = _bfd_safe_read_leb128 (abfd, &(p), false, (end)); \ } \ while (0) |