path: root/binutils/dwarf.c
Age | Commit message | Author | Files | Lines
2021-11-10 | PR28543, readelf entered an infinite loop | Alan Modra | 1 | -0/+2
This little tweak terminates fuzzed binary readelf output a little quicker. PR 28543 * dwarf.c (read_and_display_attr_value): Consume a byte when form is unrecognized.
2021-11-05 | PR28541, unstable cie offset in the output of readelf | Alan Modra | 1 | -6/+11
Calculating "0 - pointer" can indeed result in seeming randomness as the pointer address varies. PR 28541 * dwarf.c (display_debug_frames): Don't print cie offset when invalid, print "invalid" instead. Remove now redundant warning.
2021-11-03 | Use section name in warnings in display_debug_loc | Tom Tromey | 1 | -8/+12
While looking at an apparently malformed executable with "readelf --debug-dump=loc", I got this warning: readelf: ./main: Warning: There is a hole [0x89 - 0x95] in .debug_loc section. However, the executable only has a .debug_loclists section. This patch fixes the warning messages in display_debug_loc to use the name of the section that is being processed. binutils/ChangeLog 2021-11-03 Tom Tromey <tromey@adacore.com> * dwarf.c (display_debug_loc): Use section name in warnings.
2021-11-03 | asan: assert (addr_ranges) <= (start) | Alan Modra | 1 | -10/+9
That assert would be more obvious if it were reported as "addr_ranges <= end_ranges". Fix that by using the obvious variable in the final loop. Stop the assertion by using a signed comparison: It's possible for the rounding up of the arange pointer to exceed the end of the block when the block size is fuzzed. * dwarf.c (display_debug_aranges): Use "end_ranges" in loop displaying ranges rather than "start". Simplify rounding up to 2*address_size boundary. Use signed comparison in loop.
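The rounding step the commit above describes, as an added C example that is not binutils code: the padding before the first (address, length) tuple of a .debug_aranges set is computed as an offset from the start of the set and compared with the set length before the cursor moves, so a fuzzed set length can never push a pointer past the end of the block. The header layout is that of a 32-bit DWARF version 2 set; `align_to_tuples`, `count_arange_tuples` and `sample_set` are this example's own names and constructed data, and the caller is assumed to have already clamped `set_len` to the section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Little-endian read of N (<= 8) bytes; the caller has bounds-checked.  */
static uint64_t
get_le (const unsigned char *p, unsigned int n)
{
  uint64_t v = 0;
  for (unsigned int i = 0; i < n; i++)
    v |= (uint64_t) p[i] << (8 * i);
  return v;
}

/* Move the cursor to the padded start of the (address, length) tuples,
   which begin at an offset from START that is a multiple of
   2 * address_size.  The rounding is done on an offset, so no pointer
   past END is ever formed; when the padded header does not fit in the
   set (fuzzed length) the function fails and leaves *pp untouched.  */
static bool
align_to_tuples (const unsigned char *start, const unsigned char *end,
                 const unsigned char **pp, unsigned int address_size)
{
  size_t avail = (size_t) (end - start);
  size_t off = (size_t) (*pp - start);
  size_t tuple = 2 * (size_t) address_size;
  size_t excess = off % tuple;

  if (excess != 0)
    off += tuple - excess;
  if (off > avail)
    return false;
  *pp = start + off;
  return true;
}

/* Count the tuples of one 32-bit-DWARF .debug_aranges set.  SET points
   at the unit_length field; SET_LEN is the whole set, assumed already
   clamped to the section by the caller.  Header: unit_length(4)
   version(2) debug_info_offset(4) address_size(1)
   segment_selector_size(1), padding, then tuples ending in (0, 0).
   Returns the tuple count, or -1 for a malformed set.  */
static long
count_arange_tuples (const unsigned char *set, size_t set_len)
{
  const unsigned char *end = set + set_len;
  const unsigned char *p;
  unsigned int address_size;
  size_t tuple;
  long n = 0;

  if (set_len < 12)
    return -1;
  if (get_le (set + 4, 2) != 2)           /* only version 2 handled here */
    return -1;
  address_size = set[10];
  if (address_size == 0 || address_size > 8)
    return -1;
  p = set + 12;
  if (!align_to_tuples (set, end, &p, address_size))
    return -1;

  tuple = 2 * (size_t) address_size;
  while ((size_t) (end - p) >= tuple)
    {
      uint64_t addr = get_le (p, address_size);
      uint64_t len = get_le (p + address_size, address_size);
      p += tuple;
      if (addr == 0 && len == 0)
        return n;
      n++;
    }
  return -1;                              /* no terminator inside the set */
}

/* Constructed sample set with 4-byte addresses (not from a real object).  */
static const unsigned char sample_set[] = {
  28, 0, 0, 0,                         /* unit_length: bytes after field */
  2, 0,                                /* version 2 */
  0, 0, 0, 0,                          /* debug_info_offset */
  4,                                   /* address_size */
  0,                                   /* segment_selector_size */
  0, 0, 0, 0,                          /* padding up to a multiple of 8 */
  0x00, 0x10, 0, 0,  0x20, 0, 0, 0,    /* [0x1000, 0x1020) */
  0, 0, 0, 0,  0, 0, 0, 0 };           /* terminator */

static long
demo_well_formed (void)
{
  return count_arange_tuples (sample_set, sizeof sample_set);
}

/* Same header, set length fuzzed down to 13 bytes: the padded header
   would end at offset 16, beyond the set.  */
static long
demo_fuzzed_length (void)
{
  return count_arange_tuples (sample_set, 13);
}

/* With the short length, alignment fails and the cursor stays put.  */
static int
demo_align_keeps_cursor (void)
{
  const unsigned char *p = sample_set + 12;
  bool ok = align_to_tuples (sample_set, sample_set + 13, &p, 4);
  return !ok && p == sample_set + 12;
}
```

The check `off > avail` is deliberately on unsigned offsets: once the rounded offset is compared with the set length before any pointer is formed, there is nothing left for a signed/unsigned comparison to go wrong on.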
2021-10-17 | PR28459, readelf issues bogus warning | Alan Modra | 1 | -1/+0
I'd missed the fact that the .debug_rnglists dump doesn't exactly display the contents of the section. Instead readelf rummages through .debug_info looking for DW_AT_ranges entries, then displays the entries in .debug_rnglists pointed at, sorted. A simpler dump of the actual section contents might be more useful and robust, but it was likely done that way to detect overlap and holes. Anyway, the headers in .debug_rnglists besides the first are ignored, and limiting to the unit length of the first header fails if there is more than one unit. PR 28459 * dwarf.c (display_debug_ranges): Don't constrain data to length in header.
2021-09-29 | PR27202, readelf -wL doesn't work on ".loc 0" | Alan Modra | 1 | -3/+8
For DWARF revision 4 and earlier, display_debug_lines_decoded populates the file_table array with entries read from .debug_line after the directory table. file_table[0] contains the first entry. DWARF rev 4 line number programs index this entry as file number one. DWARF revision 5 changes .debug_line format quite extensively, and in particular gives file number zero a meaning. PR 27202 * dwarf.c (display_debug_lines_decoded): Correct indexing used for DWARF5 files.
2021-07-16 | Updated Swedish translation for the binutils sub-directory | Nick Clifton | 1 | -2/+4
2021-07-14 | objdump: add DWARF support for AIX | Clément Chigot | 1 | -45/+45
DWARF sections have special names on AIX which need be handled by objdump in order to correctly print them. This patch also adds the correlation in bfd for future uses. bfd/ * libxcoff.h (struct xcoff_dwsect_name): Add DWARF name. * coff-rs6000.c (xcoff_dwsect_names): Update. * coffcode.h (sec_to_styp_flags): Likewise. (coff_new_section_hook): Likewise. binutils/ * dwarf.h (struct dwarf_section): Add XCOFF name. * dwarf.c (struct dwarf_section_display): Update. * objdump.c (load_debug_section): Add XCOFF name handler. (dump_dwarf_section): Likewise. gas/ * config/tc-ppc.c (ppc_change_debug_section): Update to match new name's field.
2021-07-10 | PR28069, assertion fail in dwarf.c:display_discr_list | Alan Modra | 1 | -16/+8
We shouldn't be asserting on anything to do with leb128 values, or reporting file and line numbers when something unexpected happens. leb128 data is of indeterminate length, perfect for fuzzer mayhem. It would only make sense to assert or report dwarf.c/readelf.c source lines if the code had already sized and sanity checked the leb128 values. After removing the assertions, the testcase then gave: <37> DW_AT_discr_list : 5 byte block: 0 0 0 0 0 (label 0, label 0, label 0, label 0, <corrupt> readelf: Warning: corrupt discr_list - unrecognized discriminant byte 0x5 <3d> DW_AT_encoding : 0 (void) <3e> DW_AT_identifier_case: 0 (case_sensitive) <3f> DW_AT_virtuality : 0 (none) <40> DW_AT_decimal_sign: 5 (trailing separate) So the DW_AT_discr_list was showing more data than just the 5 byte block. That happened due to "end" pointing a long way past the end of block, and uvalue decrementing past zero on one of the leb128 bytes. PR 28069 * dwarf.c (display_discr_list): Remove assertions. Delete "end" parameter, use initial "data" pointer as the end. Formatting. Don't count down bytes as they are read. (read_and_display_attr_value): Adjust display_discr_list call. (read_and_print_leb128): Don't pass __FILE__ and __LINE__ to report_leb_status. * dwarf.h (report_leb_status): Don't report file and line numbers. Delete file and lnum parameters, (READ_ULEB, READ_SLEB): Adjust.
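A bounded LEB128 reader of the kind the commit above argues for, as an added C example rather than dwarf.c's own READ_ULEB: truncation and values that do not fit the destination are reported as ordinary statuses instead of assertions, and the DW_AT_discr_list walk takes the block's own length as its end, so a bad value inside the block cannot drag the cursor into what follows. `read_uleb128`, `count_discr_entries` and the `demo_*` inputs are hypothetical names and constructed data for this example, not binutils code; the DW_DSC_label and DW_DSC_range codes are the DWARF ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Outcome of a LEB128 read.  Nothing here asserts: truncated and
   oversized encodings are ordinary results on fuzzed input.  */
enum leb_status { LEB_OK = 0, LEB_TRUNCATED = 1, LEB_TOO_LARGE = 2 };

/* Decode an unsigned LEB128 value from [*pp, end).  On LEB_OK and
   LEB_TOO_LARGE the cursor is advanced past the whole encoding so the
   caller can keep walking; on LEB_TRUNCATED it is left where it was.
   LEB_TOO_LARGE means more than 64 significant bits; *out gets the
   low 64 of them.  */
static enum leb_status
read_uleb128 (const unsigned char **pp, const unsigned char *end,
              uint64_t *out)
{
  const unsigned char *p = *pp;
  uint64_t value = 0;
  unsigned int shift = 0;
  bool too_large = false;

  for (;;)
    {
      if (p >= end)
        return LEB_TRUNCATED;               /* ran off the block */
      unsigned char byte = *p++;
      uint64_t bits = byte & 0x7f;
      if (shift < 64)
        {
          /* Bits that would be shifted out of a 64-bit value.  */
          if (shift > 57 && (bits >> (64 - shift)) != 0)
            too_large = true;
          value |= bits << shift;
          shift += 7;
        }
      else if (bits != 0)
        too_large = true;                   /* past 64 bits: zeros only */
      if ((byte & 0x80) == 0)
        break;
    }
  *pp = p;
  *out = value;
  return too_large ? LEB_TOO_LARGE : LEB_OK;
}

/* Descriptor codes for DW_AT_discr_list entries.  */
#define DW_DSC_label 0
#define DW_DSC_range 1

/* Walk a DW_AT_discr_list block of BLOCK_LEN bytes.  The walk ends at
   the block's own length, never at the end of the section.  Returns the
   number of discriminant entries, or -1 on a truncated or oversized
   value or an unknown descriptor byte.  */
static long
count_discr_entries (const unsigned char *data, size_t block_len)
{
  const unsigned char *p = data, *end = data + block_len;
  long n = 0;

  while (p < end)
    {
      unsigned char desc = *p++;
      unsigned int nvals = desc == DW_DSC_label ? 1
                           : desc == DW_DSC_range ? 2 : 0;
      if (nvals == 0)
        return -1;                          /* unrecognised discriminant */
      for (unsigned int i = 0; i < nvals; i++)
        {
          uint64_t v;
          if (read_uleb128 (&p, end, &v) != LEB_OK)
            return -1;
        }
      n++;
    }
  return n;
}

/* Constructed samples; none are taken from a real object file.  */
static uint64_t
demo_uleb_value (void)
{
  static const unsigned char b[] = { 0xe5, 0x8e, 0x26 };     /* 624485 */
  const unsigned char *p = b;
  uint64_t v = 0;
  read_uleb128 (&p, b + sizeof b, &v);
  return v;
}

/* Returns status * 100 + bytes consumed for three shapes of input.  */
static int
demo_leb (int which)
{
  static const unsigned char ok[] = { 0xe5, 0x8e, 0x26 };
  static const unsigned char trunc[] = { 0x80, 0x80 };    /* no final byte */
  static const unsigned char big[] = { 0xff, 0xff, 0xff, 0xff, 0xff,
                                       0xff, 0xff, 0xff, 0xff, 0x7f }; /* 70 bits */
  const unsigned char *b = which == 0 ? ok : which == 1 ? trunc : big;
  size_t n = which == 0 ? sizeof ok : which == 1 ? sizeof trunc : sizeof big;
  const unsigned char *p = b;
  uint64_t v = 0;
  enum leb_status s = read_uleb128 (&p, b + n, &v);
  return (int) s * 100 + (int) (p - b);
}

static long
demo_discr_ok (void)        /* label 5; range 10..20 */
{
  static const unsigned char b[] = { 0, 5, 1, 10, 20 };
  return count_discr_entries (b, sizeof b);
}

static long
demo_discr_corrupt (void)   /* all-zero 5-byte block: two labels, then a
                               descriptor with no value at the block end */
{
  static const unsigned char b[] = { 0, 0, 0, 0, 0 };
  return count_discr_entries (b, sizeof b);
}
```

On the all-zero block the walk stops at the fifth byte and reports corruption, where a reader whose end was the section end would keep consuming the attributes that follow the block.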
2021-07-05 | PR28047, readelf crash due to assertion failure | Alan Modra | 1 | -6/+10
DW_FORM_ref1, DW_FORM_ref2, DW_FORM_ref4, DW_FORM_ref1, and DW_FORM_ref_udata are all supposed to be within the containing unit. PR 28047 * dwarf.c (get_type_abbrev_from_form): Add cu_end parameter. Check DW_FORM_ref1 etc. arg against cu_end rather than end of section. Adjust all callers.
2021-07-02 | PR28048, heap-buffer-overflow on readelf -Ww | Alan Modra | 1 | -1/+1
PR 28048 * dwarf.c (get_type_signedness): Don't run off end of buffer printing DW_FORM_string attribute.
2021-06-30 | Handle DW_FORM_implicit_const when displaying an attribute | Nick Clifton | 1 | -0/+4
* dwarf.c (read_and_display_attr_value): Handle DW_FORM_implicit_const.
2021-06-30 | Fix signedness of def_cfa_sf and def_cfa_offset_sf | Richard Henderson | 1 | -7/+9
* dwarf.c (display_debug_frames): Both DW_CFA_def_cfa_sf and DW_CFA_def_cfa_offset_sf have a signed offset.
2021-06-19 | dwarf.c: string_fortify.h strncpy error | Alan Modra | 1 | -16/+8
In function 'strncpy', inlined from 'display_debug_lines_decoded' at /home/alan/src/binutils-gdb/binutils/dwarf.c:5434:5, inlined from 'display_debug_lines' at /home/alan/src/binutils-gdb/binutils/dwarf.c:5567:21: /usr/include/bits/string_fortified.h:95:10: error: '__builtin_strncpy' specified bound 36 equals destination size [-Werror=stringop-truncation] No need for strncpy here, the string being copied always fits the destination buffer. * dwarf.c (display_debug_lines_decoded): Use memcpy rather than strncpy when trimming file name length to MAX_FILENAME_LENGTH. Don't make an unnecessary copy when length is good.
2021-06-14 | Use consistent type in binutils/dwarf.c | Eric Botcazou | 1 | -10/+10
If you look at the type used for implicit_const objects in binutils/dwarf.c, you'll get sometimes bfd_signed_vma and sometimes dwarf_signed_vma. They are the same on 64-bit hosts, but not on 32-bit hosts, and the latter discrepancy, in particular in process_abbrev_set, is responsible for the following error issued by objdump on some object files containing DWARF 5: binutils/dwarf.c:1108: read LEB value is too large to store in destination variable binutils/ * dwarf.c (struct abbrev_attr): Change type of implicit_const. (add_abbrev_attr): Likewise. (process_abbrev_set): Likewise. (display_debug_abbrev): Adjust to above change.
2021-06-07 | fix Dwarf2 build with certain gcc versions | Jan Beulich | 1 | -1/+1
Older gcc reports: .../bfd/dwarf2.c: In function 'read_ranges': .../bfd/dwarf2.c:3107: error: comparison between signed and unsigned .../bfd/dwarf2.c: In function 'read_rnglists': .../bfd/dwarf2.c:3189: error: comparison between signed and unsigned Similarly for binutils/dwarf.c. Arrange for the left sides of the > to also be unsigned quantities.
2021-05-19 | Fix a build problem if ENABLE_CHECKING is not defined. | Eli Schwartz | 1 | -0/+4
* dwarf.c (ENABLE_CHECKING): Define to 0 if not previously set.
2021-05-19 | PR27884, skip_attr_bytes: Assertion (data) <= (end) failed | Alan Modra | 1 | -19/+23
PR 27884 * dwarf.c (get_type_abbrev_from_form): Replace cu_offset_return param with map_return, and return map for DW_FORM_ref_addr. (get_type_signedness): Adjust calls to get_type_abbrev_from_form. Pass returned cu map start and end to recursive call. (read_and_display_attr_value): Similarly.
2021-05-15 | process_cu_tu_index | Alan Modra | 1 | -27/+9
* dwarf.c (process_cu_tu_index): Avoid pointer UB. Use _mul_overflow. Delete dead code.
2021-05-15 | display_gdb_index | Alan Modra | 1 | -11/+7
* dwarf.c (display_gdb_index): Avoid pointer UB and overflow in length calculations.
2021-05-15 | display_debug_names | Alan Modra | 1 | -15/+29
* dwarf.c (display_debug_names): Complain when header length is too small. Avoid pointer UB. Sanity check augmentation string, CU table, TU table and foreign TU table sizes.
2021-05-15 | display_debug_frames | Alan Modra | 1 | -103/+107
* dwarf.c (display_debug_frames): Delete initial_length_size. Avoid pointer UB. Constrain data reads to length given in header. Sanity check cie header length. Only skip up to next FDE on finding augmentation data too long.
2021-05-15 | read_cie | Alan Modra | 1 | -1/+12
* dwarf.c (read_cie): Add more sanity checks to ensure data pointer is not bumped past end.
2021-05-15 | display_debug_ranges | Alan Modra | 1 | -10/+6
* dwarf.c (display_debug_ranges): Delete initial_length_size. Correct fallback size calculated on finding a reloc. Constrain data reads to length given in header. Avoid pointer UB.
2021-05-15 | display_debug_rnglists_list | Alan Modra | 1 | -1/+1
* dwarf.c (display_debug_rnglists_list): Avoid pointer UB.
2021-05-15 | display_debug_str_offsets | Alan Modra | 1 | -2/+2
* dwarf.c (display_debug_str_offsets): Constrain reads to length given in header.
2021-05-15 | display_debug_aranges | Alan Modra | 1 | -18/+15
* dwarf.c (display_debug_aranges): Delete initial_length_size. Use end_ranges to constrain data reads to header length. Avoid pointer UB.
2021-05-15 | display_loc_list | Alan Modra | 1 | -7/+13
* dwarf.c (display_loc_list): Avoid pointer UB. Correct check before reading uleb length. Warn on excess length.
2021-05-15 | display_debug_macro | Alan Modra | 1 | -6/+10
* dwarf.c (display_debug_macro): Print strings that might not be zero terminated with %*s. Don't bump curr if unterminated.
2021-05-15 | get_line_filename_and_dirname | Alan Modra | 1 | -15/+22
* dwarf.c (get_line_filename_and_dirname): Delete initial_length_size. Simplify length sanity check, and check for too small lengths. Constrain data reads to header length. Avoid pointer UB.
2021-05-15 | display_debug_macinfo | Alan Modra | 1 | -9/+15
The existing code went to the bother of using strnlen for scanning but went wild when printing, and possibly incremented curr past end. * dwarf.c (display_debug_macinfo): Print strings that might not be zero terminated with %*s. Don't bump curr if unterminated.
2021-05-15 | display_debug_pubnames_worker | Alan Modra | 1 | -20/+14
* dwarf.c (display_debug_pubnames_worker): Delete initial_length_size. Simplify length check. Constrain reads to length given by header.
2021-05-15 | display_debug_lines_decoded | Alan Modra | 1 | -4/+4
The directory_table strnlen used the negative of the proper size. After fixing that I realised we don't need strnlen here. * dwarf.c (display_debug_lines_decoded): Don't use strnlen when we have already checked for NUL termination.
2021-05-15 | read_debug_line_header | Alan Modra | 1 | -18/+5
This patch also better constrains the data read, and removes pointer UB. * dwarf.c (read_debug_line_header): Delete initial_length_size. Avoid pointer UB. Keep within length specified by header. Delete dead code.
2021-05-15 | process_debug_info | Alan Modra | 1 | -82/+61
This patch constrains process_debug_info to stay within the data specified by the CU length rather than allowing access up to the end of the section. * dwarf.c (process_debug_info): Always do the first CU length scan for sanity checks. Remove initial_length_size var and instead calculate end_cu. Use end_cu to limit data reads. Delete now dead code checking length.
2021-05-15 | SAFE_BYTE_GET_INTERNAL | Alan Modra | 1 | -1/+4
We won't want this assert triggering in the next release. * dwarf.c (SAFE_BYTE_GET_INTERNAL): Assert only when ENABLE_CHECKING.
2021-05-15 | _mul_overflow and get_encoded_value | Alan Modra | 1 | -1/+1
A sufficiently mad compiler optimiser can take undefined behaviour according to the C standard as an opportunity to remove code. Since "data + size" might be seen to be past the end of an array, calculating such an expression is UB. _mul_overflow is infrastructure for later patches. * bucomm.h (_mul_overflow): Define. * dwarf.c (get_encoded_value): Avoid pointer UB.
2021-05-13 | revert previous delta | Nick Clifton | 1 | -7/+0
2021-05-13 | Fix an infinite loop in the DWARF decoder when parsing a corrupt string table. | Nick Clifton | 1 | -1/+8
PR 27861 * dwarf.c (display_debug_str_offsets): Warn if the length field is larger than the amount of data remaining in the section.
2021-05-13 | PR27861, Infinite loop in dwarf.c:7507-7526 | Alan Modra | 1 | -1/+8
PR 27861 * dwarf.c (display_debug_str_offsets): Sanity check dwarf5 header length.
2021-05-13 | PR27860, Segmentation fault on readelf -w | Alan Modra | 1 | -0/+2
Well it didn't take long for the SAFE_BYTE_GET assert to trigger. PR 27860 * dwarf.c (display_debug_frames): Sanity check cie_off before attempting to read cie.
2021-05-12 | Ensure data pointer kept within bounds | Alan Modra | 1 | -40/+56
* dwarf.c (process_extended_line_op): Don't bump data pointer past end when strnlen doesn't find string terminator. (decode_location_expression): Remove dead code. (skip_attr_bytes): Remove const from end param. Ensure data pointer doesn't pass end. (get_type_signedness): Remove const from end param. (read_and_display_attr_value): Ensure data pointer doesn't pass end. (display_debug_lines_raw, display_debug_lines_decoded): Likewise. (display_debug_pubnames_worker): Likewise. (display_debug_pubnames_worker): Use SAFE_BYTE_GET_AND_INC rather than blindly incrementing data pointer. (display_debug_addr, display_debug_str_offsets): Likewise. Don't compare pointers, compare lengths.
2021-05-12 | SAFE_BYTE_GET | Alan Modra | 1 | -82/+61
This rearranges SAFE_BYTE_GET* macros, eliminating some duplication, and making sure that the _INC variants never increment their PTR arg past END. I've added an assertion that should show us places where we use them improperly with user derived PTR args, which I'm sure the fuzzers will find for us. * dwarf.c (SAFE_BYTE_GET_INTERNAL): Define. (SAFE_BYTE_GET, SAFE_BYTE_GET_AND_INC): Define using the above. (SAFE_SIGNED_BYTE_GET, SAFE_SIGNED_BYTE_GET_AND_INC): Likewise. (display_discr_list): Use SAFE_BYTE_GET_AND_INC rather than SAFE_BYTE_GET followed by increment. (process_debug_info): Likewise, and test bytes remaining before incrementing section_begin rather than using pointer comparison. (display_debug_names): Pass lvalue as SAFE_BYTE_GET PTR. (process_cu_tu_index): Likewise for SAFE_BYTE_GET_AND_INC.
2021-05-12 | SAFE_BYTE_GET64 | Alan Modra | 1 | -157/+43
Functions dealing with lack of a 64-bit integer type can disappear now that we require C99. Printing using dwarf_vmatoa is better too. binutils/ * dwarf.c (dwarf_vmatoa64, SAFE_BYTE_GET64, add64): Delete. (skip_attr_bytes): Replace use of SAFE_BYTE_GET64 with SAFE_BYTE_GET_AND_INC. (read_and_display_attr_value): Likewise. Print using dwarf_vmatoa. (process_debug_info, process_cu_tu_index): Likewise. * elfcomm.c (byte_put, byte_put_little_endian, byte_put_big_endian), (byte_get, byte_get_little_endian, byte_get_big_endian), (byte_get_signed): Make size param unsigned. Remove code dealing with 4-byte elf_vma. (byte_get_64): Delete. * elfcomm.h (byte_put, byte_put_little_endian, byte_put_big_endian), (byte_get, byte_get_little_endian, byte_get_big_endian), (byte_get_signed): Update prototypes. (byte_get_64): Delete. gas/ * testsuite/gas/elf/dwarf-5-file0.d: Update. * testsuite/gas/i386/dwarf5-line-1.d: Update.
2021-05-12 | PR27836, readelf -w pointer comparison UB | Alan Modra | 1 | -4/+6
PR 27836 * dwarf.c (display_debug_frames): Don't compare pointers derived from user input. Test offset against bounds instead.
2021-05-12 | PR27853, Infinite loop in dwarf.c | Alan Modra | 1 | -12/+12
Not quite infinite but much longer than it need be. The problem is triggered by read_and_display_attr_value incrementing "data" past "end". read_and_display_attr_value shouldn't do that, but be defensive. PR 27853 * dwarf.c (display_formatted_table): Test for data >= end rather than data == end. (process_extended_line_op): Likewise. (display_debug_lines_raw): Likewise. (display_debug_lines_decoded): Likewise.
2021-05-12 | PR27849, heap-buffer-overflow on readelf -w | Alan Modra | 1 | -8/+24
PR 27849 * dwarf.c (fetch_indexed_string): Correct length sanity checks. Sanity check section size for version and padding too. Correct index sanity check. Handle multiple tables in .debug_str_offsets.
2021-05-11 | dwarf.c (process_abbrev_set): Properly parenthesize, fix fallout | Hans-Peter Nilsson | 1 | -1/+1
Building as ILP32 shows: gcc -m32 -DHAVE_CONFIG_H -I. -I/checkout/binutils -I. -I/checkout/binutils -I../bfd -I/checkout/binutils/../bfd -I/checkout/binutils/../include -DLOCALEDIR="\"/usr/local/share/locale\"" -Dbin_dummy_emulation=bin_vanilla_emulation -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wstack-usage=262144 -Werror -I/checkout/binutils/../zlib -g -O2 -MT dwarf.o -MD -MP -MF $depbase.Tpo -c -o dwarf.o /checkout/binutils/dwarf.c &&\ mv -f $depbase.Tpo $depbase.Po In file included from /checkout/binutils/sysdep.h:101:0, from /checkout/binutils/dwarf.c:21: /checkout/binutils/dwarf.c: In function 'process_abbrev_set': /checkout/binutils/dwarf.c:1072:15: error: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'dwarf_vma {aka long long unsigned int}' [-Werror=format=] warn (_("Debug info is corrupted, abbrev size (%lx) is larger than " ^ /checkout/binutils/dwarf.c:1072:13: note: in expansion of macro '_' warn (_("Debug info is corrupted, abbrev size (%lx) is larger than " ^ cc1: all warnings being treated as errors Makefile:1101: recipe for target 'dwarf.o' failed The recent commit, casting one of the terms, has an obvious typo. To wit, the (non-cast) term abbrev_size is a dwarf_vma and causes the whole expression to (still) be 64 bits. binutils: * dwarf.c (process_abbrev_set): Properly parenthesize before casting to unsigned long.
2021-05-11 | PR27845, readelf heap-buffer-overflow | Alan Modra | 1 | -38/+42
PR 27845 * dwarf.c (process_abbrev_set): Replace start and end parameters with section, abbrev_base, abbrev_size, abbrev_offset. Update all callers. Sanity check parameters correctly and emit warnings here rather than.. (process_debug_info): ..here.
2021-05-10 | Avoid possible pointer wrap | Alan Modra | 1 | -3/+3
PTR supplied to these macros can be read from user input, END is an end of buffer pointer. It's safer to do arithmetic on END than on PTR. * dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from END rather than adding amount to PTR. (SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
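The bounds-checking discipline described in this entry and in the SAFE_BYTE_GET and _mul_overflow entries above, written out as an added C example (a stand-in, not the dwarf.c macros): the remaining-bytes test is arithmetic on END rather than on PTR, the _AND_INC flavour moves the cursor only after a successful read, and a count times size product is overflow-checked before it is compared with the bytes remaining. `safe_byte_get`, `safe_byte_get_and_inc`, `mul_overflow`, `parse_table` and the toy table format are this example's own names; the sample buffers are constructed and come from no real file.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Bounded little-endian read in the spirit of SAFE_BYTE_GET (a
   hypothetical reimplementation, not the binutils macro).  The bound is
   "bytes remaining < amount": arithmetic on END, which we own, not on
   PTR, which may have been computed from offsets in the file.  Forming
   PTR + AMOUNT past the end of the buffer is undefined behaviour, and an
   optimiser may delete a check written that way.  */
static bool
safe_byte_get (const unsigned char *ptr, const unsigned char *end,
               unsigned int amount, uint64_t *out)
{
  if (ptr == NULL || end == NULL || ptr > end || amount > 8)
    return false;
  if ((size_t) (end - ptr) < amount)
    return false;
  uint64_t v = 0;
  for (unsigned int i = 0; i < amount; i++)
    v |= (uint64_t) ptr[i] << (8 * i);
  *out = v;
  return true;
}

/* _AND_INC flavour: the cursor moves only when the read succeeds, so a
   failing read can never leave it past END.  */
static bool
safe_byte_get_and_inc (const unsigned char **ptr, const unsigned char *end,
                       unsigned int amount, uint64_t *out)
{
  if (!safe_byte_get (*ptr, end, amount, out))
    return false;
  *ptr += amount;
  return true;
}

/* Overflow-checked multiply, the job _mul_overflow does in bucomm.h
   (again a stand-in).  Returns true on overflow.  */
static bool
mul_overflow (uint64_t a, uint64_t b, uint64_t *res)
{
  if (a != 0 && b > UINT64_MAX / a)
    return true;
  *res = a * b;
  return false;
}

/* Parse a toy table: 8-byte entry count, 2-byte entry size, then
   count * entry_size bytes of entries.  Returns the count or -1 when the
   input is malformed.  The product is overflow-checked before it is
   compared with the bytes remaining, so a fuzzed count cannot wrap the
   size computation into a value that passes the check.  */
static int64_t
parse_table (const unsigned char *buf, size_t len)
{
  const unsigned char *p = buf;
  const unsigned char *end = buf + len;
  uint64_t count, esize, total;

  if (!safe_byte_get_and_inc (&p, end, 8, &count))
    return -1;
  if (!safe_byte_get_and_inc (&p, end, 2, &esize))
    return -1;
  if (esize == 0 || mul_overflow (count, esize, &total))
    return -1;
  if ((uint64_t) (end - p) < total)
    return -1;
  return (int64_t) count;
}

/* Constructed sample inputs; none come from a real object file.  */
static int64_t
demo_well_formed (void)
{
  static const unsigned char b[] = {
    2, 0, 0, 0, 0, 0, 0, 0,       /* count = 2 */
    3, 0,                         /* entry size = 3 */
    1, 2, 3, 4, 5, 6 };           /* 2 * 3 bytes of entries */
  return parse_table (b, sizeof b);
}

static int64_t
demo_truncated_entries (void)     /* one entry byte short */
{
  static const unsigned char b[] = {
    2, 0, 0, 0, 0, 0, 0, 0, 3, 0, 1, 2, 3, 4, 5 };
  return parse_table (b, sizeof b);
}

static int64_t
demo_wrapping_count (void)
{
  /* count = 0x8000000000000000, entry size = 2: the unchecked product
     wraps to 0, which would sail through a "remaining < total" test.  */
  static const unsigned char b[] = { 0, 0, 0, 0, 0, 0, 0, 0x80, 2, 0 };
  return parse_table (b, sizeof b);
}

/* Returns 1 when a failing read leaves the cursor where it was.  */
static int
demo_failed_read_keeps_cursor (void)
{
  static const unsigned char b[] = { 1, 2, 3 };
  const unsigned char *p = b;
  uint64_t v;
  bool ok = safe_byte_get_and_inc (&p, b + sizeof b, 4, &v);
  return !ok && p == b;
}
```

The `ptr > end` guard is what makes `end - ptr` safe to cast to `size_t`; every cursor handed to these functions must have been produced by an earlier successful read or by the buffer bounds themselves.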