binutils-gdb/gdb/testsuite/gdb.dwarf2/subrange.exp
Simon Marchi b70bff5ea5 gdb/dwarf: fix UBsan crash in read_subrange_type
When running gdb.ada/arrayptr.exp (and others) on Ubuntu 22.04, with the
`gnat-11` package installed (not `gnat`), with UBSan activated, I get:

    (gdb) break foo.adb:40
    /home/smarchi/src/binutils-gdb/gdb/dwarf2/read.c:17689:20: runtime error: shift exponent 127 is too large for 64-bit type 'long unsigned int'

The problematic DIEs are:

    0x00001460:       DW_TAG_subrange_type
                        DW_AT_lower_bound [DW_FORM_data1]   (0x00)
                        DW_AT_upper_bound [DW_FORM_data16]  (ffffffffffffffff3f00000000000000)
                        DW_AT_name [DW_FORM_strp]   ("foo__packed_array___XP7___XDLU_0__1180591620717411303423")
                        DW_AT_type [DW_FORM_ref4]   (0x0000153f "long_long_long_unsigned")
                        DW_AT_GNAT_descriptive_type [DW_FORM_ref4]  (0x0000147e)
                        DW_AT_artificial [DW_FORM_flag_present]     (true)

    0x0000153f:   DW_TAG_base_type
                    DW_AT_byte_size [DW_FORM_data1] (0x10)
                    DW_AT_encoding [DW_FORM_data1]  (DW_ATE_unsigned)
                    DW_AT_name [DW_FORM_strp]       ("long_long_long_unsigned")
                    DW_AT_artificial [DW_FORM_flag_present] (true)

When processed by this code:

    negative_mask =
      -((ULONGEST) 1 << (base_type->length () * TARGET_CHAR_BIT - 1));
    if (low.kind () == PROP_CONST
        && !base_type->is_unsigned () && (low.const_val () & negative_mask))
      low.set_const_val (low.const_val () | negative_mask);

When the base type's length (16 bytes in this case) is larger than a
ULONGEST (typically 8 bytes), the bit shift is too large.

My obvious fix is just to skip the fixup for base types larger than a
ULONGEST (8 bytes).  I don't think we really handle constant attribute
values larger than 8 bytes anyway, so this is part of a much larger
problem.

Add a test that replicates this situation, but uses bounds that fit in a
signed 64-bit integer, so we get a sensible result.

Change-Id: I8d0a24f3edd83b44e0761a0ce38922d3e2e112fb
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=29386
2023-01-20 11:51:54 -05:00


# Copyright 2013-2023 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Load the DWARF assembler library; Dwarf::assemble below comes from it.
load_lib dwarf.exp
# This test can only be run on targets which support DWARF-2 and use gas.
require dwarf2_support
# The companion source file (method-ptr.cc) is C++, so C++ testing must be
# allowed on this target.
require allow_cplus_tests
# Two inputs: the C++ source, and a "-dw.S" assembly file that is read back
# below as $srcfile2.
standard_testfile method-ptr.cc -dw.S
# Make some DWARF for the test.
# asm_file is the path the hand-written DWARF is assembled into.
set asm_file [standard_output_file $srcfile2]
# Emit one Pascal compilation unit holding three independent cases:
#   1. an array whose subrange index type is a typedef of a 1-byte unsigned
#      type;
#   2. a subrange over a signed 1-byte type whose negative bounds are encoded
#      with an unsigned form;
#   3. a subrange over a 16-byte signed base type (regression case for
#      PR 29386).
# Each case is checked with its own ptype command at the end of the file.
Dwarf::assemble $asm_file {
cu {} {
compile_unit {{language @DW_LANG_Pascal83}} {
declare_labels byte_label typedef_label array_label
# A subrange's underlying type that is a typedef.
byte_label: base_type {
{name byte}
{encoding @DW_ATE_unsigned}
{byte_size 1 DW_FORM_sdata}
}
typedef_label: typedef {
{name byte_typedef}
{type :$byte_label}
}
# The element type is the plain byte type; only the index subrange goes
# through the typedef.
array_label: array_type {
{type :$byte_label}
} {
subrange_type {
{lower_bound 0 DW_FORM_sdata}
{upper_bound 191 DW_FORM_sdata}
{byte_stride 2 DW_FORM_sdata}
{type :$typedef_label}
}
}
typedef {
{name TByteArray}
{type :$array_label}
}
# This subrange's underlying type is signed, but the bounds are
# specified using a non-signed form.
declare_labels signed_byte_label subrange_with_buggy_negative_bounds_label
signed_byte_label: base_type {
{name signed_byte}
{encoding @DW_ATE_signed}
{byte_size 1 DW_FORM_sdata}
}
# The bounds mean -16 to -12.
# 0xf0 and 0xf4 only read as negative once the reader sign-extends them to
# the 1-byte signed base type; the expected ptype output below depends on it.
subrange_with_buggy_negative_bounds_label: subrange_type {
{lower_bound 0xf0 DW_FORM_udata}
{upper_bound 0xf4 DW_FORM_udata}
{type :$signed_byte_label}
}
DW_TAG_variable {
{name subrange_with_buggy_negative_bounds_variable}
{type :$subrange_with_buggy_negative_bounds_label}
}
# This subrange's base type is 16-bytes long (although the bounds fit in
# signed 64-bit). This is to test the fix for PR 29386.
# The sign-extension code quoted in the commit message shifts by
# length * TARGET_CHAR_BIT - 1, i.e. 127 for this type, which is wider than
# a 64-bit ULONGEST; the fix skips that fixup for such base types.
# NOTE(review): the reported reproducer had a DW_ATE_unsigned base type and
# a DW_FORM_data16 upper bound; this case uses DW_ATE_signed with sdata
# bounds, so the data16 path is not exercised by this test.
# NOTE(review): unlike the other base types in this file, this one carries
# no name attribute; confirm that is intended.
declare_labels a_16_byte_integer_label a_16_byte_subrange_label
a_16_byte_integer_label: base_type {
{byte_size 16 udata}
{encoding @DW_ATE_signed}
}
# The bounds are the minimum and maximum signed 64-bit values.
a_16_byte_subrange_label: subrange_type {
{lower_bound -9223372036854775808 DW_FORM_sdata}
{upper_bound 9223372036854775807 DW_FORM_sdata}
{type :$a_16_byte_integer_label}
}
DW_TAG_variable {
{name a_16_byte_subrange_variable}
{type :$a_16_byte_subrange_label}
}
}
}
}
# Build the C++ source together with the generated assembly and start GDB on
# the result; stop the test file if that fails.
# NOTE(review): nodebug presumably keeps compiler-generated debug info out, so
# that only the hand-written DWARF describes these types -- confirm.
if { [prepare_for_testing "failed to prepare" ${testfile} \
[list $srcfile $asm_file] {nodebug}] } {
return -1
}
# The expected output below is in Pascal syntax, matching the CU's language.
gdb_test_no_output "set language pascal"
# The expected strings are regular expressions: brackets and dots are escaped
# so they match literally.
# Case 1: subrange index type reached through a typedef.
gdb_test "ptype TByteArray" \
"type = array \\\[0\\.\\.191\\\] of byte"
# Case 2: unsigned-form bounds 0xf0 and 0xf4 must print as -16 and -12.
gdb_test "ptype subrange_with_buggy_negative_bounds_variable" \
"type = -16\\.\\.-12"
# Case 3 (PR 29386): with a 16-byte base type, GDB must get through reading
# the subrange and print the 64-bit bounds unchanged.
gdb_test "ptype a_16_byte_subrange_variable" \
"type = -9223372036854775808\\.\\.9223372036854775807"