diff options
author | Alan Modra <amodra@gmail.com> | 2023-10-10 18:18:07 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2023-10-10 22:17:29 +1030 |
commit | f22f27f46c756e753ab6dcc4df820fdd81e26367 (patch) | |
tree | 096b8f037d6cd594a1854eacfb7e8ecbba4a182f /binutils | |
parent | 322b071c45d5e5ae14d247e8fa74a4cff58e1a8a (diff) | |
download | gdb-f22f27f46c756e753ab6dcc4df820fdd81e26367.zip gdb-f22f27f46c756e753ab6dcc4df820fdd81e26367.tar.gz gdb-f22f27f46c756e753ab6dcc4df820fdd81e26367.tar.bz2 |
asan: null dereference in read_and_display_attr_value
This fixes multiple places in read_and_display_attr_value dealing with
range and location lists that can segfault when debug_info_p is NULL.
Fuzzed object files can contain arbitrary DW_FORMs.
* dwarf.c (read_and_display_attr_value): Don't dereference NULL
debug_info_p.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/dwarf.c | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 2f4bb30..584c737 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2770,7 +2770,9 @@ read_and_display_attr_value (unsigned long attribute, if (form == DW_FORM_loclistx) { - if (dwo) + if (debug_info_p == NULL ) + idx = (uint64_t) -1; + else if (dwo) { idx = fetch_indexed_offset (uvalue, loclists_dwo, debug_info_p->loclists_base, @@ -2778,7 +2780,7 @@ read_and_display_attr_value (unsigned long attribute, if (idx != (uint64_t) -1) idx += (offset_size == 8) ? 20 : 12; } - else if (debug_info_p == NULL || dwarf_version > 4) + else if (dwarf_version > 4) { idx = fetch_indexed_offset (uvalue, loclists, debug_info_p->loclists_base, @@ -2803,21 +2805,12 @@ read_and_display_attr_value (unsigned long attribute, } else if (form == DW_FORM_rnglistx) { - if (dwo) - { - idx = fetch_indexed_offset (uvalue, rnglists, - debug_info_p->rnglists_base, - debug_info_p->offset_size); - } + if (debug_info_p == NULL) + idx = (uint64_t) -1; else - { - if (debug_info_p == NULL) - base = 0; - else - base = debug_info_p->rnglists_base; - idx = fetch_indexed_offset (uvalue, rnglists, base, - debug_info_p->offset_size); - } + idx = fetch_indexed_offset (uvalue, rnglists, + debug_info_p->rnglists_base, + debug_info_p->offset_size); } else { |