-rw-r--r-- | gdb/ChangeLog | 15 | ||||
-rw-r--r-- | gdb/target-descriptions.c | 11 | ||||
-rw-r--r-- | gdb/target-descriptions.h | 4 | ||||
-rw-r--r-- | gdb/xml-tdesc.c | 58 |
4 files changed, 75 insertions, 13 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index a6d59c0..1d59888 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,5 +1,20 @@
 2016-03-15 Doug Evans <dje@google.com>
 
+ * target-descriptions.c (struct tdesc_type) <u.u.size>: Change type
+ from LONGEST to int.
+ (struct tdesc_type) <u.f.size>: Ditto.
+ (tdesc_set_struct_size): Change type of "size" arg from LONGEST
+ to int. Add assertion size > 0.
+ (tdesc_create_flags): Ditto.
+ * target-descriptions.h (tdesc_set_struct_size): Update.
+ (tdesc_create_flags): Update.
+ * xml-tdesc.c (MAX_FIELD_SIZE, MAX_FIELD_BITSIZE): New macros.
+ (MAX_VECTOR_SIZE): New macro.
+ (tdesc_start_struct): Catch conversion errors from LONGEST to int.
+ (tdesc_start_flags, tdesc_start_field, tdesc_start_vector): Ditto.
+
+2016-03-15 Doug Evans <dje@google.com>
+
 * target-descriptions.c (maint_print_c_tdesc_cmd): Use "type" for
 TYPE_CODE_FLAGS instead of "field_type", for consistency.
 * features/i386/amd64-avx-linux.c: Regenerate.
diff --git a/gdb/target-descriptions.c b/gdb/target-descriptions.c
index 5ba167f..ac6e3a2 100644
--- a/gdb/target-descriptions.c
+++ b/gdb/target-descriptions.c
@@ -150,14 +150,14 @@ typedef struct tdesc_type
 struct
 {
 VEC(tdesc_type_field) *fields;
- LONGEST size;
+ int size;
 } u;
 
 /* Flags type. */
 struct
 {
 VEC(tdesc_type_flag) *flags;
- LONGEST size;
+ int size;
 } f;
 } u;
 } *tdesc_type_p;
@@ -1340,9 +1340,10 @@ tdesc_create_struct (struct tdesc_feature *feature, const char *name)
 suffice. */
 
 void
-tdesc_set_struct_size (struct tdesc_type *type, LONGEST size)
+tdesc_set_struct_size (struct tdesc_type *type, int size)
 {
 gdb_assert (type->kind == TDESC_TYPE_STRUCT);
+ gdb_assert (size > 0);
 type->u.u.size = size;
 }
 
@@ -1360,10 +1361,12 @@ tdesc_create_union (struct tdesc_feature *feature, const char *name)
 
 struct tdesc_type *
 tdesc_create_flags (struct tdesc_feature *feature, const char *name,
- LONGEST size)
+ int size)
 {
 struct tdesc_type *type = XCNEW (struct tdesc_type);
 
+ gdb_assert (size > 0);
+
 type->name = xstrdup (name);
 type->kind = TDESC_TYPE_FLAGS;
 type->u.f.size = size;
diff --git a/gdb/target-descriptions.h b/gdb/target-descriptions.h
index 43f92ea..f777a92 100644
--- a/gdb/target-descriptions.h
+++ b/gdb/target-descriptions.h
@@ -229,12 +229,12 @@ struct tdesc_type *tdesc_create_vector (struct tdesc_feature *feature,
 int count);
 struct tdesc_type *tdesc_create_struct (struct tdesc_feature *feature,
 const char *name);
-void tdesc_set_struct_size (struct tdesc_type *type, LONGEST size);
+void tdesc_set_struct_size (struct tdesc_type *type, int size);
 struct tdesc_type *tdesc_create_union (struct tdesc_feature *feature,
 const char *name);
 struct tdesc_type *tdesc_create_flags (struct tdesc_feature *feature,
 const char *name,
- LONGEST size);
+ int size);
 void tdesc_add_field (struct tdesc_type *type, const char *field_name,
 struct tdesc_type *field_type);
 void tdesc_add_bitfield (struct tdesc_type *type, const char *field_name,
diff --git a/gdb/xml-tdesc.c b/gdb/xml-tdesc.c
index b5439e5..adfe9fd 100644
--- a/gdb/xml-tdesc.c
+++ b/gdb/xml-tdesc.c
@@ -25,9 +25,14 @@
 #include "xml-support.h"
 #include "xml-tdesc.h"
 #include "osabi.h"
-
 #include "filenames.h"
 
+/* Maximum sizes.
+ This is just to catch obviously wrong values. */
+#define MAX_FIELD_SIZE 65536
+#define MAX_FIELD_BITSIZE (MAX_FIELD_SIZE * TARGET_CHAR_BIT)
+#define MAX_VECTOR_SIZE 65536
+
 #if !defined(HAVE_LIBEXPAT)
 
 /* Parse DOCUMENT into a target description. Or don't, since we don't have
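Review bot: The comment on the three new MAX_* macros in the xml-tdesc.c hunk says only "Maximum sizes" and does not say what each one bounds or in which unit, although they are used differently by the parser below: MAX_FIELD_SIZE is compared against struct and flags `size` attributes, MAX_FIELD_BITSIZE (derived via TARGET_CHAR_BIT, so a bit count) against field `start`/`end`, and MAX_VECTOR_SIZE against a vector's element `count`. A reader deciding whether to raise one of them needs that mapping. Suggest `/* Sanity limits on values read from a target description, to reject obviously wrong input: MAX_FIELD_SIZE bounds struct/flags sizes (target bytes), MAX_FIELD_BITSIZE bounds field start/end bit offsets, MAX_VECTOR_SIZE bounds a vector's element count.  */`.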
@@ -259,8 +264,14 @@ tdesc_start_struct (struct gdb_xml_parser *parser,
 attr = xml_find_attribute (attributes, "size");
 if (attr != NULL)
 {
- int size = (int) * (ULONGEST *) attr->value;
+ ULONGEST size = * (ULONGEST *) attr->value;
 
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Struct size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
 tdesc_set_struct_size (type, size);
 data->current_type_size = size;
 }
@@ -273,11 +284,17 @@ tdesc_start_flags (struct gdb_xml_parser *parser,
 {
 struct tdesc_parsing_data *data = (struct tdesc_parsing_data *) user_data;
 char *id = (char *) xml_find_attribute (attributes, "id")->value;
- int length = (int) * (ULONGEST *)
+ ULONGEST size = * (ULONGEST *)
 xml_find_attribute (attributes, "size")->value;
 struct tdesc_type *type;
 
- type = tdesc_create_flags (data->current_feature, id, length);
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Flags size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
+ type = tdesc_create_flags (data->current_feature, id, size);
 data->current_type = type;
 data->current_type_size = 0;
 
@@ -308,13 +325,33 @@ tdesc_start_field (struct gdb_xml_parser *parser,
 
 attr = xml_find_attribute (attributes, "start");
 if (attr != NULL)
- start = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_start = * (ULONGEST *) attr->value;
+
+ if (ul_start > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field start %s is larger than maximum (%d)"),
+ pulongest (ul_start), MAX_FIELD_BITSIZE);
+ }
+ start = ul_start;
+ }
 else
 start = -1;
 
 attr = xml_find_attribute (attributes, "end");
 if (attr != NULL)
- end = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_end = * (ULONGEST *) attr->value;
+
+ if (ul_end > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field end %s is larger than maximum (%d)"),
+ pulongest (ul_end), MAX_FIELD_BITSIZE);
+ }
+ end = ul_end;
+ }
 else
 end = -1;
 
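Review bot: The new range check in tdesc_start_struct rejects only oversized values, so a `size="0"` attribute passes it and reaches tdesc_set_struct_size, which this same commit makes `gdb_assert (size > 0)`; a malformed (or, since descriptions may be supplied by the target, hostile) XML document would then trip an internal-error assertion instead of the gdb_xml_error the parser is meant to raise. The tdesc_start_flags hunk on this line has the same gap: a zero size passes its check and lands on the new assertion in tdesc_create_flags. Check both ends at the parser in both places, e.g. `if (size == 0 || size > MAX_FIELD_SIZE)` with a message such as `_("Struct size %s is out of range (1..%d)")`, so that the asserts in target-descriptions.c stay unreachable from input. The bodies of tdesc_start_struct and tdesc_start_flags continue outside their hunks.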
@@ -389,12 +426,19 @@ tdesc_start_vector (struct gdb_xml_parser *parser,
 struct gdb_xml_value *attrs = VEC_address (gdb_xml_value_s, attributes);
 struct tdesc_type *field_type;
 char *id, *field_type_id;
- int count;
+ ULONGEST count;
 
 id = (char *) attrs[0].value;
 field_type_id = (char *) attrs[1].value;
 count = * (ULONGEST *) attrs[2].value;
 
+ if (count > MAX_VECTOR_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Vector size %s is larger than maximum (%d)"),
+ pulongest (count), MAX_VECTOR_SIZE);
+ }
+
 field_type = tdesc_named_type (data->current_feature, field_type_id);
 if (field_type == NULL)
 gdb_xml_error (parser, _("Vector \"%s\" references undefined type \"%s\""),
|
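Review bot: With `count` now a ULONGEST, the later call to tdesc_create_vector (outside this hunk; its parameter is `int count` per the target-descriptions.h hunk) becomes an implicit narrowing that is only safe because of the new MAX_VECTOR_SIZE check, and nothing at the check site records that dependency. The check also leaves a count of 0 through, while the struct and flags paths in this commit now assert their size is positive; whether tdesc_create_vector tolerates a zero-element vector is not visible here. If a zero count is not meaningful, rejecting it alongside the upper bound keeps the three parsers consistent, `if (count == 0 || count > MAX_VECTOR_SIZE)`, and a one-line comment at the check, `/* Bounded here so the later narrowing to int in tdesc_create_vector is safe.  */`, documents why the conversion is acceptable. The body of tdesc_start_vector continues outside the hunk.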