* dwarf.c (display_debug_names): Complain when header length is
too small. Avoid pointer UB. Sanity check augmentation string,
CU table, TU table and foreign TU table sizes.
* dwarf.c (display_debug_frames): Delete initial_length_size.
Avoid pointer UB. Constrain data reads to length given in header.
Sanity check cie header length. Only skip up to next FDE on
finding augmentation data too long.
* dwarf.c (display_debug_ranges): Delete initial_length_size.
Correct fallback size calculated on finding a reloc. Constrain
data reads to length given in header. Avoid pointer UB.
* dwarf.c (get_line_filename_and_dirname): Delete initial_length_size.
Simplify length sanity check, and check for too small lengths.
Constrain data reads to header length. Avoid pointer UB.
The existing code went to the bother of using strnlen for scanning but
went wild when printing, and possibly incremented curr past end.
* dwarf.c (display_debug_macinfo): Print strings that might not
be zero terminated with %*s. Don't bump curr if unterminated.
The directory_table strnlen used the negative of the proper size. After
fixing that I realised we don't need strnlen here.
* dwarf.c (display_debug_lines_decoded): Don't use strnlen when
we have already checked for NUL termination.
This patch also better constrains the data read, and removes pointer UB.
* dwarf.c (read_debug_line_header): Delete initial_length_size.
Avoid pointer UB. Keep within length specified by header.
Delete dead code.
This patch constrains process_debug_info to stay within the data
specified by the CU length rather than allowing access up to the end
of the section.
* dwarf.c (process_debug_info): Always do the first CU length
scan for sanity checks. Remove initial_length_size var and
instead calculate end_cu. Use end_cu to limit data reads.
Delete now dead code checking length.
A sufficiently mad compiler optimiser can take undefined behaviour
according to the C standard as an opportunity to remove code. Since
"data + size" might be seen to be past the end of an array,
calculating such an expression is UB.
_mul_overflow is infrastructure for later patches.
* bucomm.h (_mul_overflow): Define.
* dwarf.c (get_encoded_value): Avoid pointer UB.
Well it didn't take long for the SAFE_BYTE_GET assert to trigger.
PR 27860
* dwarf.c (display_debug_frames): Sanity check cie_off before
attempting to read cie.
* dwarf.c (process_extended_line_op): Don't bump data pointer past
end when strnlen doesn't find string terminator.
(decode_location_expression): Remove dead code.
(skip_attr_bytes): Remove const from end param. Ensure data
pointer doesn't pass end.
(get_type_signedness): Remove const from end param.
(read_and_display_attr_value): Ensure data pointer doesn't pass end.
(display_debug_lines_raw, display_debug_lines_decoded): Likewise.
(display_debug_pubnames_worker): Likewise.
(display_debug_pubnames_worker): Use SAFE_BYTE_GET_AND_INC rather
than blindly incrementing data pointer.
(display_debug_addr, display_debug_str_offsets): Likewise. Don't
compare pointers, compare lengths.
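Added example, not binutils code: the bounded string walk that the display_debug_macinfo, display_debug_lines_decoded and process_extended_line_op entries above describe. The scan is limited to the bytes left before END (the same bound a strnlen (p, end - p) call gives; memchr is used so it needs nothing beyond ISO C), the string is printed with a "%.*s" precision so an unterminated entry never causes a read past END, and the cursor is parked at END rather than bumped beyond it when no terminator is found. The table layout and the sample bytes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Locate the string at *CURR, which must end before END.  *LEN receives the
   length without the terminator; the return value says whether a NUL was
   found.  On success *CURR moves past the NUL.  If the string is
   unterminated *CURR is parked at END, never past it, so callers looping on
   "*curr < end" still stop.  */
static bool
get_bounded_string (const unsigned char **curr, const unsigned char *end,
                    const char **str, size_t *len)
{
  const unsigned char *p = *curr;
  size_t avail = p < end ? (size_t) (end - p) : 0;
  const unsigned char *nul = memchr (p, 0, avail);   /* == strnlen bound */

  *str = (const char *) p;
  *len = nul ? (size_t) (nul - p) : avail;
  if (nul == NULL)
    {
      *curr = end;
      return false;
    }
  *curr = nul + 1;
  return true;
}

/* Walk a table of NUL-terminated strings (a directory table, say) and print
   each one.  "%.*s" prints exactly LEN bytes, so an unterminated final entry
   is shown without touching anything beyond END.  Returns the number of
   strings seen; *UNTERMINATED counts those lacking a NUL.  */
static unsigned int
dump_string_table (const unsigned char *start, const unsigned char *end,
                   unsigned int *unterminated)
{
  const unsigned char *curr = start;
  unsigned int n = 0;

  *unterminated = 0;
  while (curr < end)
    {
      const char *s;
      size_t len;
      bool ok = get_bounded_string (&curr, end, &s, &len);

      printf ("  [%u] %.*s%s\n", n, (int) len, s, ok ? "" : " (unterminated)");
      n++;
      if (!ok)
        (*unterminated)++;
    }
  return n;
}

/* Constructed sample: two proper entries followed by one whose terminator
   lies outside the table.  */
static const unsigned char TABLE_SAMPLE[] =
  { 'u', 's', 'r', 0, 'l', 'i', 'b', 0, 'b', 'i', 'n' };

/* Wrappers returning plain values so the outcome can be checked directly.  */
static unsigned int
sample_strings (void)
{
  unsigned int u;
  return dump_string_table (TABLE_SAMPLE, TABLE_SAMPLE + sizeof TABLE_SAMPLE, &u);
}

static unsigned int
sample_unterminated (void)
{
  unsigned int u;
  dump_string_table (TABLE_SAMPLE, TABLE_SAMPLE + sizeof TABLE_SAMPLE, &u);
  return u;
}
```

Once a string has been checked for NUL termination this way, its length is already known and a second strnlen over it is pointless, which is the point of the display_debug_lines_decoded entry above.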
This rearranges SAFE_BYTE_GET* macros, eliminating some duplication,
and making sure that the _INC variants never increment their PTR arg
past END. I've added an assertion that should show us places where we
use them improperly with user derived PTR args, which I'm sure the
fuzzers will find for us.
* dwarf.c (SAFE_BYTE_GET_INTERNAL): Define.
(SAFE_BYTE_GET, SAFE_BYTE_GET_AND_INC): Define using the above.
(SAFE_SIGNED_BYTE_GET, SAFE_SIGNED_BYTE_GET_AND_INC): Likewise.
(display_discr_list): Use SAFE_BYTE_GET_AND_INC rather than
SAFE_BYTE_GET followed by increment.
(process_debug_info): Likewise, and test bytes remaining before
incrementing section_begin rather than using pointer comparison.
(display_debug_names): Pass lvalue as SAFE_BYTE_GET PTR.
(process_cu_tu_index): Likewise for SAFE_BYTE_GET_AND_INC.
Not quite infinite but much longer than it need be. The problem is
triggered by read_and_display_attr_value incrementing "data" past
"end". read_and_display_attr_value shouldn't do that, but be
defensive.
PR 27853
* dwarf.c (display_formatted_table): Test for data >= end rather
than data == end.
(process_extended_line_op): Likewise.
(display_debug_lines_raw): Likewise.
(display_debug_lines_decoded): Likewise.
Building as ILP32 shows:
gcc -m32 -DHAVE_CONFIG_H -I. -I/checkout/binutils -I. -I/checkout/binutils -I../bfd -I/checkout/binutils/../bfd -I/checkout/binutils/../include -DLOCALEDIR="\"/usr/local/share/locale\"" -Dbin_dummy_emulation=bin_vanilla_emulation -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wstack-usage=262144 -Werror -I/checkout/binutils/../zlib -g -O2 -MT dwarf.o -MD -MP -MF $depbase.Tpo -c -o dwarf.o /checkout/binutils/dwarf.c &&\
mv -f $depbase.Tpo $depbase.Po
In file included from /checkout/binutils/sysdep.h:101:0,
from /checkout/binutils/dwarf.c:21:
/checkout/binutils/dwarf.c: In function 'process_abbrev_set':
/checkout/binutils/dwarf.c:1072:15: error: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'dwarf_vma {aka long long unsigned int}' [-Werror=format=]
warn (_("Debug info is corrupted, abbrev size (%lx) is larger than "
^
/checkout/binutils/dwarf.c:1072:13: note: in expansion of macro '_'
warn (_("Debug info is corrupted, abbrev size (%lx) is larger than "
^
cc1: all warnings being treated as errors
Makefile:1101: recipe for target 'dwarf.o' failed
The recent commit, casting one of the terms, has an obvious
typo. To wit, the (non-cast) term abbrev_size is a
dwarf_vma and causes the whole expression to (still) be 64
bits.
binutils:
* dwarf.c (process_abbrev_set): Properly parenthesize before
casting to unsigned long.
PR 27845
* dwarf.c (process_abbrev_set): Replace start and end parameters
with section, abbrev_base, abbrev_size, abbrev_offset. Update
all callers. Sanity check parameters correctly and emit warnings
here rather than..
(process_debug_info): ..here.
PTR supplied to these macros can be read from user input, END is an
end of buffer pointer. It's safer to do arithmetic on END than on PTR.
* dwarf.c (SAFE_BYTE_GET): Check bounds by subtracting amount from
END rather than adding amount to PTR.
(SAFE_SIGNED_BYTE_GET, SAFE_BYTE_GET64): Likewise.
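Added example, not binutils code, illustrating the SAFE_BYTE_GET entries above together with the "data + size" undefined-behaviour note, the _mul_overflow mention and the end_cu constraint in the process_debug_info entry: the bounds test subtracts from END instead of adding to PTR; the _INC variant never advances PTR past END; a table size is multiplied with an overflow check before it is compared with the bytes remaining; and once a header length has been validated every later read is bounded by the unit end rather than the section end. The unit layout, the sample bytes and all function names are constructed for the example; the real _mul_overflow definition is not shown on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* True if AMOUNT bytes at PTR lie inside [PTR, END).  The check subtracts
   from END; "ptr + amount <= end" would first form a pointer past the array
   whenever PTR or AMOUNT came from untrusted input, which is undefined
   behaviour an optimiser is entitled to exploit.  */
static bool
in_bounds (const unsigned char *ptr, const unsigned char *end, size_t amount)
{
  return ptr <= end && (size_t) (end - ptr) >= amount;
}

/* Read AMOUNT (1..8) little-endian bytes at PTR without advancing it.  */
static bool
safe_byte_get (const unsigned char *ptr, const unsigned char *end,
               unsigned int amount, uint64_t *val)
{
  uint64_t v = 0;
  unsigned int i;

  if (amount == 0 || amount > sizeof v || !in_bounds (ptr, end, amount))
    return false;
  for (i = 0; i < amount; i++)
    v |= (uint64_t) ptr[i] << (8 * i);
  *val = v;
  return true;
}

/* _INC variant: on success advance *PTR by AMOUNT; on failure park *PTR at
   END, never beyond it, and yield 0, so a loop on "*ptr < end" terminates.  */
static bool
safe_byte_get_and_inc (const unsigned char **ptr, const unsigned char *end,
                       unsigned int amount, uint64_t *val)
{
  if (!safe_byte_get (*ptr, end, amount, val))
    {
      *val = 0;
      *ptr = end;
      return false;
    }
  *ptr += amount;
  return true;
}

/* True if COUNT entries of ENTRY_SIZE bytes fit between PTR and END.  The
   multiply is overflow-checked first (the job of a _mul_overflow helper).  */
static bool
table_fits (const unsigned char *ptr, const unsigned char *end,
            uint64_t count, size_t entry_size)
{
  size_t c = (size_t) count;

  if (c != count || (c != 0 && entry_size > (size_t) -1 / c))
    return false;
  return in_bounds (ptr, end, c * entry_size);
}

/* Constructed unit: u32 length of what follows, u32 entry count, then COUNT
   8-byte entries.  After the length is read every further read is bounded
   by unit_end, not by END, so a corrupt unit cannot read into its neighbour.
   Returns the entry count, or -1 for an inconsistent header.  */
static int
parse_unit (const unsigned char *data, const unsigned char *end, uint64_t *sum)
{
  const unsigned char *p = data, *unit_end;
  uint64_t length, count, v, i;

  if (!safe_byte_get_and_inc (&p, end, 4, &length))
    return -1;
  if (length > (size_t) (end - p))          /* header claims more than exists */
    return -1;
  unit_end = p + length;                     /* safe: length <= end - p */
  if (!safe_byte_get_and_inc (&p, unit_end, 4, &count)
      || !table_fits (p, unit_end, count, 8))
    return -1;
  for (*sum = 0, i = 0; i < count; i++)
    {
      safe_byte_get_and_inc (&p, unit_end, 8, &v);   /* cannot fail after table_fits */
      *sum += v;
    }
  return (int) count;
}

/* Constructed samples.  GOOD: length 20, entries 1 and 2.  LIES: the length
   field claims 100 bytes but only 4 follow.  HUGE: count 0xffffffff in a
   4-byte body (with a 32-bit size_t the multiply itself would overflow).  */
static const unsigned char UNIT_GOOD[] = {
  20, 0, 0, 0,  2, 0, 0, 0,
  1, 0, 0, 0, 0, 0, 0, 0,  2, 0, 0, 0, 0, 0, 0, 0 };
static const unsigned char UNIT_LIES[] = { 100, 0, 0, 0,  0, 0, 0, 0 };
static const unsigned char UNIT_HUGE[] = { 4, 0, 0, 0,  0xff, 0xff, 0xff, 0xff };

/* Wrappers returning plain values so the outcome can be checked directly.  */
static int sample_count (const unsigned char *buf, size_t n)
{ uint64_t s; return parse_unit (buf, buf + n, &s); }
static uint64_t sample_sum (const unsigned char *buf, size_t n)
{ uint64_t s = 0; parse_unit (buf, buf + n, &s); return s; }
```

Because PTR may itself be read from the file (an offset the attacker controls), only END, which the reader established from the section size, is ever used as the operand of pointer arithmetic; everything else is compared as lengths, which is what the "don't compare pointers, compare lengths" entry above is about.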
PR 27478
* objdump.c (process_links): New variable.
(usage): Add --process-links.
(long_options): Likewise.
(dump_bfd): Stop processing once the bfd has been loaded unless
this is the main file or process_links has been enabled.
(main): Handle the process-links option.
* readelf.c (process_links): New variable.
(struct filedata): Add is_separate field.
(options): Add --process-links.
(usage): Likewise.
(parse_args): Likewise.
(process_file_header): Include the filename when dumping
information for separate debuginfo files.
(process_program_headers): Likewise.
(process_section_headers): Likewise.
(process_section_groups): Likewise.
(process_relocs): Likewise.
(process_dynamic_section): Likewise.
(process_version_sections): Likewise.
(display_lto_symtab): Likewise.
(process_symbol_table): Likewise.
(process_syminfo): Likewise.
(initialise_dumps_by_name): Likewise.
(process_section_contents): Likewise.
(process_notes_at): Likewise.
(process_notes): Likewise.
(open_file): Add is_separate parameter. Use to initialise the
is_separate field in the filedata structure.
(open_debug): Update call to open_file.
(process_object): Add processing of the contents of separate
debuginfo files, gated by the process_links variable.
(process_archive): Update call to open_file.
(process_file): Initialise the is_separate field in the filedata
structure.
* dwarf.c (load_separate_debug_info_file): Only report the
loading of a separate file if debug links are being dumped.
* objcopy.c (keep_section_symbols): New variable.
(enum command_line_switch): Add OPTION_KEEP_SYMBOLS.
(strip_options): Add keep-section-symbols.
(copy_options): Likewise.
(copy_usage): Likewise.
(strip_usage): Likewise.
(copy_object): Keep section symbols if requested by command line
option.
(strip_main): Handle --keep-section-symbols.
(copy_main): Likewise.
* doc/binutils.texi: Document the new options.
* NEWS: Mention the new features.
* testsuite/binutils-all/compress.exp (test_gnu_debuglink):
Update options passed to objdump. Use diff rather than cmp to
compare the dumped data.
* testsuite/binutils-all/objdump.WK2: Update regexp.
* testsuite/binutils-all/objdump.WK3: Update regexp.
* testsuite/binutils-all/objdump.exp: Use --process-links
instead of --dwarf=follow-links.
* testsuite/binutils-all/readelf.exp (readelf_test): Include
readelf's output in the log when the test fails.
Add the -P option to the -wKis test.
* testsuite/binutils-all/readelf.wKis: Update expected output.
We shouldn't warn about missing separate debug files when debug info
isn't needed.
PR binutils/27486
* dwarf.c (load_separate_debug_info): Issue warning only if
do_debug_links is set.
* testsuite/binutils-all/compress.exp: Run objdump and readelf
with missing debug file.
* dwarf.c (get_type_abbrev_from_form): Accept but ignore sup
forms.
(read_and_display_attr_value): Handle sup forms.
(display_debug_sup): New function. Displays the contents of a
.debug_sup section.
(load_debug_sup_file): New function. Loads the contents of a file
referenced by a .debug_sup section.
(check_for_and_load_links): Call load_debug_sup_file.
(debug_displays): Add entry for .debug_sup.
* dwarf.h (enum dwarf_section_display_enum): Add debug_sup.
* readelf.c (process_section_headers): Add support for debug_sup.
* doc/debug.options.texi: Note that the =links option will display
the contents of .debug_sup sections.
* NEWS: Mention the new support.
There is a tiny error left in dwarf.c:read_leb128 after Nick fixed the
signed overflow problem in code I wrote. It's to do with sleb128
values that have unnecessary excess bytes. For example, -1 is
represented as 0x7f, the most efficient encoding, but also as
0xff,0x7f or 0xff,0xff,0x7f and so on. None of these sequences
overflow any size signed value, but read_leb128 will report an
overflow given enough excess bytes. This patch fixes that problem,
and since the proper test for signed values with excess bytes can
easily be adapted to also test a sleb byte with just some bits that
overflow the result, I changed the code to not use signed right
shifts. (The C standard ISO/IEC 9899:1999 6.5.7 says signed right
shifts of negative values have an implementation defined value. A
long time ago I even used a C compiler for a certain microprocessor
that always did unsigned right shifts. Mind you, it is very unlikely
to be compiling binutils with such a compiler.)
bfd/
* wasm-module.c: Guard include of limits.h.
(CHAR_BIT): Provide backup define.
(wasm_read_leb128): Use CHAR_BIT to size "result" in bits.
Correct signed overflow checking.
opcodes/
* wasm32-dis.c: Include limits.h.
(CHAR_BIT): Provide backup define.
(wasm_read_leb128): Use CHAR_BIT to size "result" in bits.
Correct signed overflow checking.
binutils/
* dwarf.c: Include limits.h.
(CHAR_BIT): Provide backup define.
(read_leb128): Use CHAR_BIT to size "result" in bits. Correct
signed overflow checking.
* testsuite/binutils-all/pr26548.s,
* testsuite/binutils-all/pr26548.d,
* testsuite/binutils-all/pr26548e.d: New tests.
* testsuite/binutils-all/readelf.exp: Run them.
(readelf_test): Drop unused "xfails" parameter. Update all uses.
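Added example, not the binutils read_leb128, showing the overflow rule the message above describes: payload bits that no longer fit in the accumulator are tolerated only when they merely repeat the sign (all ones for a negative sleb128 value, all zeros otherwise), so -1 encoded as 0x7f, as 0xff,0x7f, or with any number of redundant 0xff bytes decodes cleanly, while a byte that carries real excess bits is reported as an overflow. The accumulator width comes from CHAR_BIT, the sign is taken with an unsigned shift so no negative value is ever right-shifted, and the read is bounded by END. The sample encodings and helper names are constructed for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#ifndef CHAR_BIT
#define CHAR_BIT 8   /* backup define, as in the entries above */
#endif

/* Accumulator width in bits, derived from CHAR_BIT rather than assumed.  */
#define LEB_RESULT_BITS ((unsigned int) (CHAR_BIT * sizeof (uint64_t)))

/* Status flags returned by leb128_decode; 0 means success.  */
#define LEB_UNTERMINATED 1   /* reached END before a byte with bit 7 clear */
#define LEB_OVERFLOW     2   /* value does not fit in 64 bits */

/* Decode one LEB128 value from [DATA, END).  Never reads at or past END,
   and *LEN_OUT never exceeds END - DATA.  */
static int
leb128_decode (const unsigned char *data, const unsigned char *end,
               bool is_signed, uint64_t *value_out, size_t *len_out)
{
  uint64_t result = 0;
  unsigned int shift = 0;
  size_t remaining = (size_t) (end - data), num_read = 0;
  int status = LEB_UNTERMINATED;

  while (num_read < remaining)
    {
      unsigned char byte = data[num_read++];
      unsigned char payload = byte & 0x7f;
      unsigned int avail = shift < LEB_RESULT_BITS ? LEB_RESULT_BITS - shift : 0;
      unsigned char mask, lost;
      bool negative;

      if (avail > 7)
        avail = 7;
      /* MASK covers the payload bits that no longer fit in RESULT.  */
      mask = (unsigned char) (0x7f & ~((1u << avail) - 1u));
      lost = (unsigned char) (payload & mask);
      if (avail != 0)
        result |= (uint64_t) (payload & ~mask) << shift;

      /* Lost bits are harmless only if they repeat the sign: all ones for a
         negative signed value, all zeros otherwise.  The sign is bit 63 of
         RESULT read with an unsigned shift, so no signed right shift of a
         negative value is ever performed.  */
      negative = is_signed && (result >> (LEB_RESULT_BITS - 1)) != 0;
      if (lost != (negative ? mask : 0))
        status |= LEB_OVERFLOW;

      if (shift < LEB_RESULT_BITS)
        shift += 7;
      if ((byte & 0x80) == 0)
        {
          status &= ~LEB_UNTERMINATED;
          /* Short negative encoding: extend the sign from the last payload
             bit through the top of RESULT.  */
          if (is_signed && shift < LEB_RESULT_BITS && (byte & 0x40) != 0)
            result |= ~(uint64_t) 0 << shift;
          break;
        }
    }
  *value_out = result;
  *len_out = num_read;
  return status;
}

/* Two's-complement reinterpretation that avoids the implementation-defined
   conversion of an out-of-range unsigned value.  */
static int64_t
leb_to_signed (uint64_t v)
{
  return v <= (uint64_t) INT64_MAX ? (int64_t) v : -(int64_t) (~v) - 1;
}

/* Constructed sample encodings (not taken from any real object file).  */
static const unsigned char S_M1_EXCESS[] = { 0xff, 0xff, 0x7f };      /* -1 */
static const unsigned char S_M1_11BYTE[] = { 0xff, 0xff, 0xff, 0xff, 0xff,
                                             0xff, 0xff, 0xff, 0xff, 0xff, 0x7f };
static const unsigned char S_INT64_MIN[] = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                             0x80, 0x80, 0x80, 0x80, 0x7f };
static const unsigned char S_2POW63[]    = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                             0x80, 0x80, 0x80, 0x80, 0x01 }; /* +2^63 */
static const unsigned char U_2POW64[]    = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                             0x80, 0x80, 0x80, 0x80, 0x02 }; /* 2^64 */
static const unsigned char CUT_SHORT[]   = { 0xff, 0xff };                  /* no end */

/* Wrappers returning plain values so the outcome can be checked directly.  */
static int
leb_status (const unsigned char *buf, size_t n, bool is_signed)
{
  uint64_t v; size_t len;
  return leb128_decode (buf, buf + n, is_signed, &v, &len);
}

static int64_t
sleb_value (const unsigned char *buf, size_t n)
{
  uint64_t v; size_t len;
  leb128_decode (buf, buf + n, true, &v, &len);
  return leb_to_signed (v);
}
```

The 11-byte encoding of -1 is the case the message describes: nine bytes of 0xff fill bits 0 to 62, the tenth straddles bit 63 and the eleventh is entirely redundant, and a check that simply counted shifted-out bits would call it an overflow. The +2^63 sample fails because its lost bits are zero while bit 63 of the accumulated value says negative, and the 2^64 unsigned sample fails because a lost bit is set at all.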
* objdump.c (load_specific_debug_section): Don't call
bfd_cache_section_contents. Rearrange so that
bfd_get_full_section_contents is not called on path where
bfd_simple_get_relocated_section_contents is called.
Don't set section->user_data.
(free_debug_section): Always free section->start. Don't twiddle
section flags.
* readelf.c (load_specific_debug_section): Don't set user_data.
* dwarf.h (struct dwarf_section): Remove user_data field.
* dwarf.c (NO_ABBREVS, ABBREV): Adjust to suit.
* configure.ac (follow-debug-links): Add option to enable or
disable the following of debug links by default. Set the
default for the option to be 'follow'.
* dwarf.c (do_follow_links): Initialise with DEFAULT_FOR_FOLLOW_LINKS.
(dwarf_select_sections_by_names): Add no-follow-links option.
(dwarf_select_sections_by_letter): Add 'N' option.
* objdump.c (usage): Add conditional text describing the
follow links option.
(slurp_symtab): Ensure that there is a NULL entry at the end
of the symbol table.
(slurp_dynamic_symtab): Likewise.
(dump_bfd): When extending the symbol table, ensure that there
is still a NULL entry at the end.
* readelf.c (usage): Add conditional text describing the
follow links option.
* doc/binutils.texi: Update documentation for objcopy and
readelf.
* doc/debug.options.texi: Update documentation of the
follow-links option.
* config.in: Regenerate.
* configure: Regenerate.
* testsuite/binutils-all/compress.exp: Add the -WN option to
objdump command lines that are not expecting to follow links.
* testsuite/binutils-all/readelf.exp: Add the
--debug-dump=no-follow-links option to tests that are not
expecting to follow debug links.
gas * testsuite/gas/mach-o/sections-1.d: Stop automatic debug link
following.
* testsuite/gas/xgate/insns-dwarf2.d: Likewise.
ld * testsuite/ld-elf/sec64k.exp: Stop readelf from automatically
following debug links.