-rw-r--r--gdb/ChangeLog15
-rw-r--r--gdb/target-descriptions.c11
-rw-r--r--gdb/target-descriptions.h4
-rw-r--r--gdb/xml-tdesc.c58
4 files changed, 75 insertions, 13 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index a6d59c0..1d59888 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,5 +1,20 @@
2016-03-15 Doug Evans <dje@google.com>
+ * target-descriptions.c (struct tdesc_type) <u.u.size>: Change type
+ from LONGEST to int.
+ (struct tdesc_type) <u.f.size>: Ditto.
+ (tdesc_set_struct_size): Change type of "size" arg from LONGEST
+ to int. Add assertion size > 0.
+ (tdesc_create_flags): Ditto.
+ * target-descriptions.h (tdesc_set_struct_size): Update.
+ (tdesc_create_flags): Update.
+ * xml-tdesc.c (MAX_FIELD_SIZE, MAX_FIELD_BITSIZE): New macros.
+ (MAX_VECTOR_SIZE): New macro.
+ (tdesc_start_struct): Catch conversion errors from LONGEST to int.
+ (tdesc_start_flags, tdesc_start_field, tdesc_start_vector): Ditto.
+
+2016-03-15 Doug Evans <dje@google.com>
+
* target-descriptions.c (maint_print_c_tdesc_cmd): Use "type" for
TYPE_CODE_FLAGS instead of "field_type", for consistency.
* features/i386/amd64-avx-linux.c: Regenerate.
diff --git a/gdb/target-descriptions.c b/gdb/target-descriptions.c
index 5ba167f..ac6e3a2 100644
--- a/gdb/target-descriptions.c
+++ b/gdb/target-descriptions.c
@@ -150,14 +150,14 @@ typedef struct tdesc_type
struct
{
VEC(tdesc_type_field) *fields;
- LONGEST size;
+ int size;
} u;
/* Flags type. */
struct
{
VEC(tdesc_type_flag) *flags;
- LONGEST size;
+ int size;
} f;
} u;
} *tdesc_type_p;
@@ -1340,9 +1340,10 @@ tdesc_create_struct (struct tdesc_feature *feature, const char *name)
suffice. */
void
-tdesc_set_struct_size (struct tdesc_type *type, LONGEST size)
+tdesc_set_struct_size (struct tdesc_type *type, int size)
{
gdb_assert (type->kind == TDESC_TYPE_STRUCT);
+ gdb_assert (size > 0);
type->u.u.size = size;
}
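Review bot: `gdb_assert (size > 0)` turns a zero-valued `size` attribute into an internal error rather than a parse error, because the only validation the new callers in xml-tdesc.c add (tdesc_start_struct and tdesc_start_flags in this commit) is the upper bound `size > MAX_FIELD_SIZE`; whether the attribute parser already rejects 0 is not visible in this diff. Since a target description can arrive from a remote target, the lower bound belongs in the parser next to the upper bound, e.g. `if (size == 0 || size > MAX_FIELD_SIZE)` with a message such as `_("Struct size %s is out of range (1..%d)")`, and the same change in tdesc_start_flags. tdesc_create_flags in the next hunk carries the same assertion and the same exposure. tdesc_start_vector likewise passes a zero count through to tdesc_create_vector unchecked, which matters only if that function rejects it with an assertion rather than an error.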
@@ -1360,10 +1361,12 @@ tdesc_create_union (struct tdesc_feature *feature, const char *name)
struct tdesc_type *
tdesc_create_flags (struct tdesc_feature *feature, const char *name,
- LONGEST size)
+ int size)
{
struct tdesc_type *type = XCNEW (struct tdesc_type);
+ gdb_assert (size > 0);
+
type->name = xstrdup (name);
type->kind = TDESC_TYPE_FLAGS;
type->u.f.size = size;
diff --git a/gdb/target-descriptions.h b/gdb/target-descriptions.h
index 43f92ea..f777a92 100644
--- a/gdb/target-descriptions.h
+++ b/gdb/target-descriptions.h
@@ -229,12 +229,12 @@ struct tdesc_type *tdesc_create_vector (struct tdesc_feature *feature,
int count);
struct tdesc_type *tdesc_create_struct (struct tdesc_feature *feature,
const char *name);
-void tdesc_set_struct_size (struct tdesc_type *type, LONGEST size);
+void tdesc_set_struct_size (struct tdesc_type *type, int size);
struct tdesc_type *tdesc_create_union (struct tdesc_feature *feature,
const char *name);
struct tdesc_type *tdesc_create_flags (struct tdesc_feature *feature,
const char *name,
- LONGEST size);
+ int size);
void tdesc_add_field (struct tdesc_type *type, const char *field_name,
struct tdesc_type *field_type);
void tdesc_add_bitfield (struct tdesc_type *type, const char *field_name,
diff --git a/gdb/xml-tdesc.c b/gdb/xml-tdesc.c
index b5439e5..adfe9fd 100644
--- a/gdb/xml-tdesc.c
+++ b/gdb/xml-tdesc.c
@@ -25,9 +25,14 @@
#include "xml-support.h"
#include "xml-tdesc.h"
#include "osabi.h"
-
#include "filenames.h"
+/* Maximum sizes.
+ This is just to catch obviously wrong values. */
+#define MAX_FIELD_SIZE 65536
+#define MAX_FIELD_BITSIZE (MAX_FIELD_SIZE * TARGET_CHAR_BIT)
+#define MAX_VECTOR_SIZE 65536
+
#if !defined(HAVE_LIBEXPAT)
/* Parse DOCUMENT into a target description. Or don't, since we don't have
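Review bot: The comment on MAX_FIELD_SIZE, MAX_FIELD_BITSIZE and MAX_VECTOR_SIZE undersells their role: these bounds are what make the later narrowing of the ULONGEST attribute values to the `int` parameters of tdesc_set_struct_size, tdesc_create_flags and tdesc_create_vector well-defined, so whoever raises them later must keep MAX_FIELD_BITSIZE (MAX_FIELD_SIZE * TARGET_CHAR_BIT) representable as an int. I would state that in the comment: `/* Maximum sizes accepted from a target description.  Besides catching obviously wrong values, they keep the ULONGEST attribute values within int range before they are narrowed in the tdesc_start_* handlers below.  */`.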
@@ -259,8 +264,14 @@ tdesc_start_struct (struct gdb_xml_parser *parser,
attr = xml_find_attribute (attributes, "size");
if (attr != NULL)
{
- int size = (int) * (ULONGEST *) attr->value;
+ ULONGEST size = * (ULONGEST *) attr->value;
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Struct size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
tdesc_set_struct_size (type, size);
data->current_type_size = size;
}
@@ -273,11 +284,17 @@ tdesc_start_flags (struct gdb_xml_parser *parser,
{
struct tdesc_parsing_data *data = (struct tdesc_parsing_data *) user_data;
char *id = (char *) xml_find_attribute (attributes, "id")->value;
- int length = (int) * (ULONGEST *)
+ ULONGEST size = * (ULONGEST *)
xml_find_attribute (attributes, "size")->value;
struct tdesc_type *type;
- type = tdesc_create_flags (data->current_feature, id, length);
+ if (size > MAX_FIELD_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Flags size %s is larger than maximum (%d)"),
+ pulongest (size), MAX_FIELD_SIZE);
+ }
+ type = tdesc_create_flags (data->current_feature, id, size);
data->current_type = type;
data->current_type_size = 0;
@@ -308,13 +325,33 @@ tdesc_start_field (struct gdb_xml_parser *parser,
attr = xml_find_attribute (attributes, "start");
if (attr != NULL)
- start = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_start = * (ULONGEST *) attr->value;
+
+ if (ul_start > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field start %s is larger than maximum (%d)"),
+ pulongest (ul_start), MAX_FIELD_BITSIZE);
+ }
+ start = ul_start;
+ }
else
start = -1;
attr = xml_find_attribute (attributes, "end");
if (attr != NULL)
- end = * (ULONGEST *) attr->value;
+ {
+ ULONGEST ul_end = * (ULONGEST *) attr->value;
+
+ if (ul_end > MAX_FIELD_BITSIZE)
+ {
+ gdb_xml_error (parser,
+ _("Field end %s is larger than maximum (%d)"),
+ pulongest (ul_end), MAX_FIELD_BITSIZE);
+ }
+ end = ul_end;
+ }
else
end = -1;
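Review bot: The two new blocks for the `start` and `end` attributes are identical apart from the attribute name and the error wording, so the bound check would read better as one static helper, which also keeps the error text in a single place (the message then gains a `%s` for the attribute name, so the translatable string changes). Neither block checks that `end` is not below `start` or that either lies within the enclosing type's size; if that is validated further down in tdesc_start_field, whose body continues outside the hunk, a one-line comment here saying so would save the next reader the search. The helper and the two call sites would look like this:
```c
/* Return the bit position stored in ATTR, the "start" or "end"
   attribute of a field (WHAT names which), rejecting values above
   MAX_FIELD_BITSIZE with an XML error.  */
static int
tdesc_field_bit_position (struct gdb_xml_parser *parser,
			  struct gdb_xml_value *attr, const char *what)
{
  ULONGEST value = * (ULONGEST *) attr->value;

  if (value > MAX_FIELD_BITSIZE)
    gdb_xml_error (parser, _("Field %s %s is larger than maximum (%d)"),
		   what, pulongest (value), MAX_FIELD_BITSIZE);
  return value;
}

/* … unchanged: start of tdesc_start_field … */
  attr = xml_find_attribute (attributes, "start");
  if (attr != NULL)
    start = tdesc_field_bit_position (parser, attr, "start");
  else
    start = -1;
  attr = xml_find_attribute (attributes, "end");
  if (attr != NULL)
    end = tdesc_field_bit_position (parser, attr, "end");
  else
    end = -1;
```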
@@ -389,12 +426,19 @@ tdesc_start_vector (struct gdb_xml_parser *parser,
struct gdb_xml_value *attrs = VEC_address (gdb_xml_value_s, attributes);
struct tdesc_type *field_type;
char *id, *field_type_id;
- int count;
+ ULONGEST count;
id = (char *) attrs[0].value;
field_type_id = (char *) attrs[1].value;
count = * (ULONGEST *) attrs[2].value;
+ if (count > MAX_VECTOR_SIZE)
+ {
+ gdb_xml_error (parser,
+ _("Vector size %s is larger than maximum (%d)"),
+ pulongest (count), MAX_VECTOR_SIZE);
+ }
+
field_type = tdesc_named_type (data->current_feature, field_type_id);
if (field_type == NULL)
gdb_xml_error (parser, _("Vector \"%s\" references undefined type \"%s\""),