[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/28069] readelf crashed due to Assertion failed in dwarf.c:
From: |
cvs-commit at gcc dot gnu.org |
Subject: |
[Bug binutils/28069] readelf crashed due to Assertion failed in dwarf.c:display_discr_list |
Date: |
Sat, 10 Jul 2021 04:06:54 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=28069
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
The master branch has been updated by Alan Modra <amodra@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9039747fb4863c13eaf07f84bb28d50660fb8d85
commit 9039747fb4863c13eaf07f84bb28d50660fb8d85
Author: Alan Modra <amodra@gmail.com>
Date: Sat Jul 10 09:34:30 2021 +0930
PR28069, assertion fail in dwarf.c:display_discr_list
We shouldn't be asserting on anything to do with leb128 values, or
reporting file and line numbers when something unexpected happens.
leb128 data is of indeterminate length, perfect for fuzzer mayhem.
It would only make sense to assert or report dwarf.c/readelf.c source
lines if the code had already sized and sanity checked the leb128
values.
After removing the assertions, the testcase then gave:
<37> DW_AT_discr_list : 5 byte block: 0 0 0 0 0 (label 0, label 0,
label 0, label 0, <corrupt>
readelf: Warning: corrupt discr_list - unrecognized discriminant byte 0x5
<3d> DW_AT_encoding : 0 (void)
<3e> DW_AT_identifier_case: 0 (case_sensitive)
<3f> DW_AT_virtuality : 0 (none)
<40> DW_AT_decimal_sign: 5 (trailing separate)
So the DW_AT_discr_list was showing more data than just the 5 byte
block. That happened due to "end" pointing a long way past the end of
block, and uvalue decrementing past zero on one of the leb128 bytes.
PR 28069
* dwarf.c (display_discr_list): Remove assertions. Delete "end"
parameter, use initial "data" pointer as the end. Formatting.
Don't count down bytes as they are read.
(read_and_display_attr_value): Adjust display_discr_list call.
(read_and_print_leb128): Don't pass __FILE__ and __LINE__ to
report_leb_status.
* dwarf.h (report_leb_status): Don't report file and line
numbers. Delete file and lnum parameters,
(READ_ULEB, READ_SLEB): Adjust.
--
You are receiving this mail because:
You are on the CC list for the bug.