aboutsummaryrefslogtreecommitdiff
path: root/bfd/wasm-module.c
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2021-05-21 22:34:34 +0930
committerAlan Modra <amodra@gmail.com>2021-05-22 17:23:24 +0930
commit574ec1084d28ee56710ea48eb072e5c47226d247 (patch)
tree896e94db8291202128699acf9feec022f8a25db7 /bfd/wasm-module.c
parent1f1fb219fdc4f96fd967e6173e9090c4c4917e96 (diff)
downloadgdb-574ec1084d28ee56710ea48eb072e5c47226d247.zip
gdb-574ec1084d28ee56710ea48eb072e5c47226d247.tar.gz
gdb-574ec1084d28ee56710ea48eb072e5c47226d247.tar.bz2
bfd dwarf2 sanity checking
This patch is aimed at the many places in dwarf2.c that blindly increment a data pointer after calling functions that are meant to read a fixed number of bytes. The problem with that is with damaged dwarf we might increment a data pointer past the end of data, which is UB and complicates (ie. bugs likely) any further use of that data pointer. To fix those problems, I've moved incrementing of the data pointer into the functions that do the reads. _bfd_safe_read_leb128 gets the same treatment for consistency. * libbfd.c (_bfd_safe_read_leb128): Remove length_return parameter. Replace data pointer with pointer to pointer. Increment pointer over bytes read. * libbfd-in.h (_bfd_safe_read_leb128): Update prototype. * elf-attrs.c (_bfd_elf_parse_attributes): Adjust to suit. Be careful not to increment data pointer past end. Remove now redundant pr17512 check. * wasm-module.c (READ_LEB128): Adjust to suit changes to _bfd_safe_read_leb128. * dwarf2.c (read_n_bytes): New inline function, old one renamed to.. (read_blk): ..this. Allocate and return block. Increment bfd_byte** arg. (read_3_bytes): New function. (read_1_byte, read_1_signed_byte, read_2_bytes, read_4_bytes), (read_8_bytes, read_string, read_indirect_string), (read_indirect_line_string, read_alt_indirect_string): Take a byte_byte** arg which is incremented over bytes read. Remove any bytes_read return. Rewrite limit checks to compare lengths rather than pointers. (read_abbrevs, read_attribute_value, read_formatted_entries), (decode_line_info, find_abstract_instance, read_ranges), (read_rnglists, scan_unit_for_symbols, parse_comp_unit), (stash_comp_unit): Adjust to suit. Rewrite limit checks to compare lengths rather than pointers. * libbfd.h: Regenerate.
Diffstat (limited to 'bfd/wasm-module.c')
-rw-r--r--bfd/wasm-module.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/bfd/wasm-module.c b/bfd/wasm-module.c
index 5729e05..9735ebe 100644
--- a/bfd/wasm-module.c
+++ b/bfd/wasm-module.c
@@ -182,12 +182,9 @@ wasm_write_uleb128 (bfd *abfd, bfd_vma v)
#define READ_LEB128(x, p, end) \
do \
{ \
- unsigned int length_read; \
- (x) = _bfd_safe_read_leb128 (abfd, (p), &length_read, \
- false, (end)); \
- (p) += length_read; \
- if (length_read == 0) \
+ if ((p) >= (end)) \
goto error_return; \
+ (x) = _bfd_safe_read_leb128 (abfd, &(p), false, (end)); \
} \
while (0)