From: Joel Brobecker
To: Andreas Schwab
Cc: gdb-patches@sourceware.org
Subject: Re: Fix gdb crash during .debug_line parsing
Date: Sun, 09 Nov 2008 17:25:00 -0000
Message-ID: <20081109172512.GB5112@adacore.com>

> 2008-11-05  Andreas Schwab
>
>     * dwarf2read.c (dwarf_decode_lines): Add checks for corrupted line
>     number programs.

Funny, we had a very similar problem not very long ago...

> - if (!decode_for_pst_p && lh->num_file_names >= file)
> + if (!decode_for_pst_p && file != 0 && lh->num_file_names >= file)

I believe that this hunk is useless, since this check is at the beginning of the while loop where file is initialized to 1, so file can never be zero at this point.
> @@ -7102,7 +7109,7 @@ dwarf_decode_lines (struct line_header *
> line += lh->line_base + (adj_opcode % lh->line_range);
> if (lh->num_file_names < file)
> dwarf2_debug_line_missing_file_complaint ();
> - else
> + else if (file != 0)
> {
> lh->file_names[file - 1].included_p = 1;
> if (!decode_for_pst_p)

The problem I see with your approach is that we don't get to issue a complaint if file is zero.

Attached is the patch that we have checked in our tree. It handles the incorrect file number as well as a missing end_sequence. Could you test it on your side to see if it fixes your problem(s)?

2008-11-09  Jerome Guitton

    * dwarf2read.c (dwarf2_debug_line_missing_end_sequence_complaint):
    New function.
    (dwarf_decode_lines): Detect null file numbers. Detect the end of
    the line program sequence when no end sequence is emitted.

If it works for you, then I'll do a round of testing and commit (I might have to fix some space-vs-tabs issues as well, sigh...).

-- 
Joel

Attachment: jerome.diff

Index: dwarf2read.c
===================================================================
--- dwarf2read.c (revision 134708)
+++ dwarf2read.c (revision 134718)
@@ -695,6 +695,13 @@ dwarf2_debug_line_missing_file_complaint } static void +dwarf2_debug_line_missing_end_sequence_complaint (void) +{ + complaint (&symfile_complaints, + _(".debug_line section has line program sequence without an end")); +} + +static void dwarf2_complex_location_expr_complaint (void) { complaint (&symfile_complaints, _("location expression too complex"));
@@ -7253,6 +7260,11 @@ dwarf_decode_lines (struct line_header * { op_code = read_1_byte (abfd, line_ptr); line_ptr += 1; + if (line_ptr > line_end) + { + dwarf2_debug_line_missing_end_sequence_complaint (); + break; + } if (op_code >= lh->opcode_base) {
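Review bot: in the @@ -7253 hunk the new `if (line_ptr > line_end)` test sits after `op_code = read_1_byte (abfd, line_ptr);` and `line_ptr += 1;`, so a sequence that lacks DW_LNE_end_sequence is only noticed once the byte at `line_end` has already been read; checking `line_ptr >= line_end` before the read issues the same complaint without touching anything past the program. The operand reads further down (`read_unsigned_leb128`, `read_address`, the extended-opcode length) still carry no check against `line_end`, so a program cut off in the middle of an operand is not caught by this test either.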
@@ -7261,7 +7273,7 @@ dwarf_decode_lines (struct line_header * address += (adj_opcode / lh->line_range) * lh->minimum_instruction_length; line += lh->line_base + (adj_opcode % lh->line_range); - if (lh->num_file_names < file) + if (lh->num_file_names < file || file == 0) dwarf2_debug_line_missing_file_complaint (); else {
@@ -7293,15 +7305,6 @@ dwarf_decode_lines (struct line_header * { case DW_LNE_end_sequence: end_sequence = 1; - - if (lh->num_file_names < file) - dwarf2_debug_line_missing_file_complaint (); - else - { - lh->file_names[file - 1].included_p = 1; - if (!decode_for_pst_p) - record_line (current_subfile, 0, address); - } break; case DW_LNE_set_address: address = read_address (abfd, line_ptr, cu, &bytes_read);
@@ -7343,7 +7346,7 @@ dwarf_decode_lines (struct line_header * } break; case DW_LNS_copy: - if (lh->num_file_names < file) + if (lh->num_file_names < file || file == 0) dwarf2_debug_line_missing_file_complaint (); else {
@@ -7381,7 +7384,7 @@ dwarf_decode_lines (struct line_header * file = read_unsigned_leb128 (abfd, line_ptr, &bytes_read); line_ptr += bytes_read; - if (lh->num_file_names < file) + if (lh->num_file_names < file || file == 0) dwarf2_debug_line_missing_file_complaint (); else {
@@ -7432,6 +7435,14 @@ dwarf_decode_lines (struct line_header * } } } + if (lh->num_file_names < file || file == 0) + dwarf2_debug_line_missing_file_complaint (); + else + { + lh->file_names[file - 1].included_p = 1; + if (!decode_for_pst_p) + record_line (current_subfile, 0, address); + } } if (decode_for_pst_p)
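Review bot: the condition `lh->num_file_names < file || file == 0` introduced in the @@ -7261 hunk is repeated verbatim in the DW_LNS_copy, DW_LNS_set_file and end-of-sequence hunks that follow; a small static helper returning that test would keep the four sites from drifting apart the next time a check is added, and would document in one place that file numbers are 1-based.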
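Review bot: with the @@ -7293 hunk the `case DW_LNE_end_sequence:` body shrinks to `end_sequence = 1;` and `break;`, while the end-of-range `record_line (current_subfile, 0, address)` now lives after the inner loop; a one-line comment in the case saying so would save the next reader from looking for the record where it used to be.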
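Review bot: the block added in the @@ -7432 hunk runs after the inner loop whether that loop ended through DW_LNE_end_sequence or through the new missing-end-sequence `break`, so a truncated sequence still gets `included_p` set and an end-of-range `record_line (current_subfile, 0, address)` at whatever `address` had reached. That is sensible recovery, but it is a behaviour change for the truncated case and deserves a sentence in the ChangeLog entry alongside "Detect the end of the line program sequence when no end sequence is emitted."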
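As an added illustration after the thread (constructed code of my own, not gdb's and not part of either patch), the following C decoder is a toy version of the .debug_line state machine with the two checks discussed above built in: a file number is validated as a 1-based index before `file_names[file - 1]` is touched (here `included_p[file - 1]`), and a sequence that never emits DW_LNE_end_sequence is reported when the program runs out, with the bounds test placed before the opcode read so that no byte past the end is accessed; every operand reader also stops at the end of the program. The `line_header` and `decode_result` structs, `decode_lines`, `emit_row`, `file_ok`, `read_uleb128`, `run_sample` and the byte program are invented for this example; only the opcode numbers are the standard DWARF values, and the subset of opcodes handled is deliberately small.

```c
/* Constructed example, not gdb's code: a toy DWARF .debug_line state machine with
   the two checks from the thread.  Only the opcode numbers are standard DWARF. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DW_LNS_copy 1
#define DW_LNS_set_file 4
#define DW_LNE_end_sequence 1
#define DW_LNE_set_address 2
struct line_header {              /* only the header fields the decoder needs */
  unsigned num_file_names;        /* valid file numbers are 1..num_file_names */
  int line_base, line_range, opcode_base, min_insn_length;
  int included_p[8];              /* stands in for file_names[i].included_p */
};
struct decode_result { unsigned rows, bad_file_complaints, missing_end_complaints;
                       uint64_t last_address; int last_line; };

/* ULEB128 reader that never passes END; -1 means the operand was cut off. */
static int read_uleb128(const uint8_t **p, const uint8_t *end, uint64_t *out) {
  uint64_t v = 0;
  for (unsigned shift = 0; *p < end; shift += 7) {
    uint8_t b = *(*p)++;
    if (shift < 64) v |= (uint64_t)(b & 0x7f) << shift;
    if (!(b & 0x80)) { *out = v; return 0; }
  }
  return -1;
}
/* File numbers are 1-based: reject 0 and anything past the table BEFORE
   file_names[file - 1] is indexed (the crash this thread is about). */
static int file_ok(const struct line_header *lh, unsigned file) {
  return file != 0 && file <= lh->num_file_names
         && file <= sizeof lh->included_p / sizeof lh->included_p[0];
}
/* Records a row, or complains as dwarf2_debug_line_missing_file_complaint would. */
static void emit_row(struct line_header *lh, struct decode_result *res,
                     unsigned file, uint64_t address, int line) {
  if (!file_ok(lh, file)) { res->bad_file_complaints++; return; }
  lh->included_p[file - 1] = 1;
  res->rows++; res->last_address = address; res->last_line = line;
}

/* Returns 0 when the program was consumed (complaints are counted, not fatal)
   and -1 when an operand would extend past END. */
int decode_lines(const uint8_t *prog, size_t len, struct line_header *lh,
                 struct decode_result *res) {
  const uint8_t *p = prog, *end = prog + len;
  uint64_t v;
  memset(res, 0, sizeof *res);
  while (p < end) {
    uint64_t address = 0; unsigned file = 1; int line = 1, end_sequence = 0;
    while (!end_sequence) {
      /* Tested BEFORE the opcode read, so a sequence that never emits
         DW_LNE_end_sequence is reported without touching a byte past END. */
      if (p >= end) { res->missing_end_complaints++; break; }
      uint8_t op = *p++;
      if (op >= lh->opcode_base) {  /* special opcode: advance address and line, emit a row */
        int adj = op - lh->opcode_base;
        address += (adj / lh->line_range) * lh->min_insn_length;
        line += lh->line_base + adj % lh->line_range;
        emit_row(lh, res, file, address, line);
      } else if (op == 0) {         /* extended opcode: uleb length, sub-opcode, operands */
        if (read_uleb128(&p, end, &v) || v == 0 || v > (uint64_t)(end - p))
          return -1;                /* the declared length must fit inside the program */
        const uint8_t *ext_end = p + v;
        uint8_t sub = *p++;
        if (sub == DW_LNE_end_sequence) end_sequence = 1;
        else if (sub == DW_LNE_set_address) {   /* demo: 4-byte little-endian address */
          if (ext_end - p != 4) return -1;
          address = (uint64_t)p[0] | (uint64_t)p[1] << 8 | (uint64_t)p[2] << 16 | (uint64_t)p[3] << 24;
        }
        p = ext_end;                /* unknown extended opcodes are skipped by their length */
      } else if (op == DW_LNS_copy) {
        emit_row(lh, res, file, address, line);
      } else if (op == DW_LNS_set_file) {
        if (read_uleb128(&p, end, &v)) return -1;
        file = (unsigned)v;         /* complain at once, as gdb's DW_LNS_set_file case does */
        if (!file_ok(lh, file)) res->bad_file_complaints++;
      } else {
        return -1;                  /* the demo carries no standard_opcode_lengths table */
      }
    }
  }
  return 0;
}

/* Constructed program: a well-formed sequence that sets file numbers 0 and 3
   along the way (the table has 2 entries), then a sequence that never ends. */
static const uint8_t sample_prog[] = {
  0x00, 0x05, 0x02, 0x00, 0x10, 0x00, 0x00,   /* DW_LNE_set_address 0x1000 */
  0x04, 0x01, 0x13, 0x2e,       /* set_file 1; special: line += 1; special: address += 2 */
  0x04, 0x00, 0x01,             /* set_file 0 (invalid); copy while file is 0: no row */
  0x04, 0x03, 0x04, 0x02, 0x01, /* set_file 3 (past the table); set_file 2; copy */
  0x00, 0x01, 0x01,             /* DW_LNE_end_sequence */
  0x00, 0x05, 0x02, 0x00, 0x20, 0x00, 0x00,   /* DW_LNE_set_address 0x2000 */
  0x13,                         /* special opcode, then the program just stops */
};
/* Decodes the sample with opcode_base 13, line_base -5, line_range 14. */
int run_sample(struct line_header *lh, struct decode_result *res) {
  *lh = (struct line_header){ 2, -5, 14, 13, 1, { 0 } };
  return decode_lines(sample_prog, sizeof sample_prog, lh, res);
}
```

Running `run_sample` over the constructed program yields 4 rows, 3 bad-file complaints (set_file 0, the copy issued while file is still 0, and set_file 3 against a 2-entry table) and 1 missing-end complaint for the second sequence, with both table entries marked included; feeding `decode_lines` a DW_LNE_set_address whose declared length exceeds the bytes left returns -1 before any operand byte is read, which is the case the line_ptr check in the patch above does not cover.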