Date: Sun, 01 Jul 2007 21:56:00 -0000
From: Daniel Jacobowitz
To: gdb-patches@sourceware.org, ismail@pardus.org.tr
Subject: [rfc] Do not crash reading UPX binaries
Message-ID: <20070701215549.GA26528@caradoc.them.org>

This patch issues an error instead of a segfault on the testcase in PR 2280. UPX is a binary compression system; it's infamous for producing very strange files, which are only "just valid enough". In this case, it claims that the symbol table is at a large offset in a very small file. I don't think it's worth supporting files this modified.

Does anyone think we need to do better, or shall I check in the attached?

-- 
Daniel Jacobowitz
CodeSourcery

2007-07-01  Daniel Jacobowitz

	PR gdb/2280
	* coffread.c (read_one_sym): Check for read errors.

Index: coffread.c
===================================================================
RCS file: /cvs/src/src/gdb/coffread.c,v
retrieving revision 1.73
diff -u -p -r1.73 coffread.c
--- coffread.c	19 Jun 2007 17:21:51 -0000	1.73
+++ coffread.c	1 Jul 2007 21:53:06 -0000
@@ -1118,20 +1118,29 @@ read_one_sym (struct coff_symbol *cs, union internal_auxent *aux) { int i; + bfd_size_type bytes; cs->c_symnum = symnum; - bfd_bread (temp_sym, local_symesz, nlist_bfd_global); + bytes = bfd_bread (temp_sym, local_symesz, nlist_bfd_global); + if (bytes != local_symesz) + error ("%s: error reading symbols", current_objfile->name); bfd_coff_swap_sym_in (symfile_bfd, temp_sym, (char *) sym); cs->c_naux = sym->n_numaux & 0xff; if (cs->c_naux >= 1) { - bfd_bread (temp_aux, local_auxesz, nlist_bfd_global); + bytes = bfd_bread (temp_aux, local_auxesz, nlist_bfd_global); + if (bytes != local_auxesz) + error ("%s: error reading symbols", current_objfile->name); bfd_coff_swap_aux_in (symfile_bfd, temp_aux, sym->n_type, sym->n_sclass, 0, cs->c_naux, (char *) aux); /* If more than one aux entry, read past it (only the first aux is important). */ for (i = 1; i < cs->c_naux; i++) - bfd_bread (temp_aux, local_auxesz, nlist_bfd_global); + { + bytes = bfd_bread (temp_aux, local_auxesz, nlist_bfd_global); + if (bytes != local_auxesz) + error ("%s: error reading symbols", current_objfile->name); + } } cs->c_name = getsymname (sym); cs->c_value = sym->n_value;
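Review bot: the same `error ("%s: error reading symbols", current_objfile->name)` check is written out three times in this hunk (after the symbol read, after the first aux read, and inside the loop that skips extra aux entries) with an identical message, so the user cannot tell which read failed and the BFD error reason is thrown away. Consider factoring it into one small static helper that takes the expected entry size, and appending `bfd_errmsg (bfd_get_error ())` so a truncated file is distinguishable from an I/O error; the new string is user-visible and should also be wrapped in `_()` like gdb's other error calls. The check itself is the right one: comparing the `bfd_bread` return value against `local_symesz` / `local_auxesz` catches a short read as well as an outright read failure, which is what stops the bogus symbol-table offset from PR 2280 from reaching `bfd_coff_swap_sym_in` / `bfd_coff_swap_aux_in` with whatever stale bytes were left in `temp_sym` and `temp_aux`.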