Annotation of /trunk/gdb/patches/gdb-6.7.1-dwarf-stack-overflow.patch
Mon Mar 31 11:07:22 2008 UTC (16 years, 5 months ago) by niro
File size: 1739 byte(s)
-re-diff
1 | niro | 557 | http://bugs.gentoo.org/144833 |
2 | |||
3 | for gdb/ChangeLog: | ||
4 | 2006-08-22 Will Drewry <wad@google.com> | ||
5 | Tavis Ormandy <taviso@google.com> | ||
6 | |||
7 | * dwarf2read.c (decode_locdesc): Enforce location description stack | ||
8 | boundaries. | ||
9 | * dwarfread.c (locval): Likewise. | ||
10 | |||
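Index: gdb-6.5/gdb/dwarf2read.c
===================================================================
--- gdb-6.5.orig/gdb/dwarf2read.c 2006-09-04 02:02:23.000000000 -0300
+++ gdb-6.5/gdb/dwarf2read.c 2006-09-04 02:02:23.000000000 -0300
@@ -8667,8 +8667,7 @@ dwarf2_fundamental_type (struct objfile
 callers will only want a very basic result and this can become a
 complaint.
 
- Note that stack[0] is unused except as a default error return.
- Note that stack overflow is not yet handled. */
+ Note that stack[0] is unused except as a default error return. */
 
 static CORE_ADDR
 decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -8685,7 +8684,7 @@ decode_locdesc (struct dwarf_block *blk,
 
 i = 0;
 stacki = 0;
- stack[stacki] = 0;
+ stack[++stacki] = 0;
 
 while (i < size)
 {
@@ -8864,6 +8863,16 @@ decode_locdesc (struct dwarf_block *blk,
 dwarf_stack_op_name (op));
 return (stack[stacki]);
 }
+ /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
+ outside of the allocated space. Also enforce minimum > 0.
+ -- wad@google.com 14 Aug 2006 */
+ if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too deep: %d"),
+ stacki);
+ if (stacki <= 0)
+ internal_error (__FILE__, __LINE__,
+ _("location description stack too shallow"));
 }
 return (stack[stacki]);
 }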
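Review bot: The depth check on the `if (stacki >= sizeof (stack) / sizeof (*stack) - 1)` line compares `stacki` against a `size_t`, so if `stacki` is a signed `int` (the `%d` in the message suggests it is) a negative value — the very case the following `stacki <= 0` test is meant to catch after an opcode pops past the sentinel — is converted to a large unsigned number and reported as "stack too deep" with a negative count, and the shallow check is never reached. Running the `if (stacki <= 0)` test before the depth test, or comparing as `(size_t) stacki` only after the sign has been checked, gives the right diagnosis for malformed location descriptions. Both checks also run after the opcode has already executed, so they only keep every write inside the array if each case in the switch moves `stacki` by at most one slot per iteration; that assumption is worth stating next to the check, e.g. `/* Each opcode adjusts stacki by at most one, so a post-op check suffices.  */`. The switch and the enclosing while loop of decode_locdesc start outside the hunk.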