Annotation of /trunk/gdb/patches/gdb-6.6-dwarf-stack-overflow.patch
Revision 144 -
Tue May 8 20:06:05 2007 UTC (17 years, 4 months ago) by niro
File size: 3117 byte(s)
-import
1 | niro | 144 | http://bugs.gentoo.org/144833 |
2 | |||
3 | for gdb/ChangeLog: | ||
4 | 2006-08-22 Will Drewry <wad@google.com> | ||
5 | Tavis Ormandy <taviso@google.com> | ||
6 | |||
7 | * dwarf2read.c (decode_locdesc): Enforce location description stack | ||
8 | boundaries. | ||
9 | * dwarfread.c (locval): Likewise. | ||
10 | |||
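Index: gdb-6.5/gdb/dwarf2read.c
===================================================================
--- gdb-6.5.orig/gdb/dwarf2read.c 2006-09-04 02:02:23.000000000 -0300
+++ gdb-6.5/gdb/dwarf2read.c 2006-09-04 02:02:23.000000000 -0300
@@ -8667,8 +8667,7 @@ dwarf2_fundamental_type (struct objfile
 callers will only want a very basic result and this can become a
 complaint.
 
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled. */
+ Note that stack[0] is unused except as a default error return. */
 
 static CORE_ADDR
 decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -8685,7 +8684,7 @@ decode_locdesc (struct dwarf_block *blk,
 
 i = 0;
 stacki = 0;
- stack[stacki] = 0;
+ stack[++stacki] = 0;
 
 while (i < size)
 {
@@ -8864,6 +8863,16 @@ decode_locdesc (struct dwarf_block *blk,
 dwarf_stack_op_name (op));
 return (stack[stacki]);
 }
+ /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
+ outside of the allocated space. Also enforce minimum > 0.
+ -- wad@google.com 14 Aug 2006 */
+ if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too deep: %d"),
+ stacki);
+ if (stacki <= 0)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too shallow"));
 }
 return (stack[stacki]);
 }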
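Review bot: The depth check in the third hunk compares `stacki` (an int, judging by the `%d` it is printed with) against the `size_t` result of `sizeof (stack) / sizeof (*stack) - 1`, so should any opcode ever leave `stacki` negative it is converted to a huge unsigned value and trips the "too deep" branch with a misleading count before the "too shallow" check is reached. Testing `stacki <= 0` first, or writing `if (stacki >= (int) (sizeof (stack) / sizeof (*stack)) - 1)`, keeps both diagnostics accurate and also silences the sign-compare warning. Separately, what overflows here is the location expression read from the object file's debug info rather than a gdb invariant, so `error ()` (or a complaint plus an error return) seems a better fit than `internal_error`, which reports a malformed binary as a gdb bug; this is a convention point to confirm against the rest of dwarf2read.c. The identical hunk in locval in gdb/dwarfread.c has the same two issues. decode_locdesc's loop starts outside the hunk.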
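Index: gdb-6.5/gdb/dwarfread.c
===================================================================
--- gdb-6.5.orig/gdb/dwarfread.c 2005-12-17 20:33:59.000000000 -0200
+++ gdb-6.5/gdb/dwarfread.c 2006-09-04 02:02:23.000000000 -0300
@@ -2138,9 +2138,7 @@ decode_line_numbers (char *linetable)
 
 NOTES
 
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled.
- */
+ Note that stack[0] is unused except as a default error return. */
 
 static int
 locval (struct dieinfo *dip)
@@ -2160,7 +2158,7 @@ locval (struct dieinfo *dip)
 loc += nbytes;
 end = loc + locsize;
 stacki = 0;
- stack[stacki] = 0;
+ stack[++stacki] = 0;
 dip->isreg = 0;
 dip->offreg = 0;
 dip->optimized_out = 1;
@@ -2224,6 +2222,16 @@ locval (struct dieinfo *dip)
 stacki--;
 break;
 }
+ /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
+ outside of the allocated space. Also enforce minimum > 0.
+ -- wad@google.com 14 Aug 2006 */
+ if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too deep: %d"),
+ stacki);
+ if (stacki <= 0)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too shallow"));
 }
 return (stack[stacki]);
 }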