From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-59793-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 23133 invoked by alias); 10 Nov 2008 18:50:28 -0000
Received: (qmail 23076 invoked by uid 22791); 10 Nov 2008 18:50:27 -0000
X-Spam-Check-By: sourceware.org
Received: from rock.gnat.com (HELO rock.gnat.com) (205.232.38.15)     by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 10 Nov 2008 18:49:50 +0000
Received: from localhost (localhost.localdomain [127.0.0.1]) 	by filtered-rock.gnat.com (Postfix) with ESMTP id 60E0E2A95F4; 	Mon, 10 Nov 2008 13:49:48 -0500 (EST)
Received: from rock.gnat.com ([127.0.0.1]) 	by localhost (rock.gnat.com [127.0.0.1]) (amavisd-new, port 10024) 	with LMTP id 49qHRChdTmWG; Mon, 10 Nov 2008 13:49:48 -0500 (EST)
Received: from joel.gnat.com (localhost.localdomain [127.0.0.1]) 	by rock.gnat.com (Postfix) with ESMTP id 0591A2A95DD; 	Mon, 10 Nov 2008 13:49:48 -0500 (EST)
Received: by joel.gnat.com (Postfix, from userid 1000) 	id AAB87E7ACD; Mon, 10 Nov 2008 10:49:45 -0800 (PST)
Date: Mon, 10 Nov 2008 19:05:00 -0000
From: Joel Brobecker <brobecker@adacore.com>
To: Andreas Schwab <schwab@suse.de>
Cc: gdb-patches@sourceware.org
Subject: Re: Fix gdb crash during .debug_line parsing
Message-ID: <20081110184945.GH5112@adacore.com>
References: <jefxm6bahk.fsf@sykes.suse.de> <20081109172512.GB5112@adacore.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20081109172512.GB5112@adacore.com>
User-Agent: Mutt/1.4.2.2i
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2008-11/txt/msg00184.txt.bz2

> 2008-11-09  Jerome Guitton  <guitton@adacore.com>
> 
> 
>         * dwarf2read.c (dwarf2_debug_line_missing_end_sequence_complaint):
>         New function.
>         (dwarf_decode_lines): Detect null file numbers. Detect the end of
>         the line program sequence when no end sequence is emitted.

Now re-tested on x86-linux, with no regression. Andreas confirmed that
it looks good to him too, so I will commit this in a couple of days
unless there are some objections.


Index: dwarf2read.c
===================================================================
--- dwarf2read.c	(revision 134708)
+++ dwarf2read.c	(revision 134718)
@@ -695,6 +695,13 @@ dwarf2_debug_line_missing_file_complaint
 }
 
 static void
+dwarf2_debug_line_missing_end_sequence_complaint (void)
+{
+  complaint (&symfile_complaints,
+	     _(".debug_line section has line program sequence without an end"));
+}
+
+static void
 dwarf2_complex_location_expr_complaint (void)
 {
   complaint (&symfile_complaints, _("location expression too complex"));
@@ -7253,6 +7260,11 @@ dwarf_decode_lines (struct line_header *
 	{
 	  op_code = read_1_byte (abfd, line_ptr);
 	  line_ptr += 1;
+          if (line_ptr > line_end)
+            {
+              dwarf2_debug_line_missing_end_sequence_complaint ();
+              break;
+            }
 
 	  if (op_code >= lh->opcode_base)
 	    {		
@@ -7261,7 +7273,7 @@ dwarf_decode_lines (struct line_header *
 	      address += (adj_opcode / lh->line_range)
 		* lh->minimum_instruction_length;
 	      line += lh->line_base + (adj_opcode % lh->line_range);
-	      if (lh->num_file_names < file)
+	      if (lh->num_file_names < file || file == 0)
 		dwarf2_debug_line_missing_file_complaint ();
 	      else
 		{
@@ -7293,15 +7305,6 @@ dwarf_decode_lines (struct line_header *
 		{
 		case DW_LNE_end_sequence:
 		  end_sequence = 1;
-
-		  if (lh->num_file_names < file)
-		    dwarf2_debug_line_missing_file_complaint ();
-		  else
-		    {
-		      lh->file_names[file - 1].included_p = 1;
-		      if (!decode_for_pst_p)
-			record_line (current_subfile, 0, address);
-		    }
 		  break;
 		case DW_LNE_set_address:
 		  address = read_address (abfd, line_ptr, cu, &bytes_read);
@@ -7343,7 +7346,7 @@ dwarf_decode_lines (struct line_header *
 		}
 	      break;
 	    case DW_LNS_copy:
-	      if (lh->num_file_names < file)
+	      if (lh->num_file_names < file || file == 0)
 		dwarf2_debug_line_missing_file_complaint ();
 	      else
 		{
@@ -7381,7 +7384,7 @@ dwarf_decode_lines (struct line_header *
 
                 file = read_unsigned_leb128 (abfd, line_ptr, &bytes_read);
                 line_ptr += bytes_read;
-                if (lh->num_file_names < file)
+                if (lh->num_file_names < file || file == 0)
                   dwarf2_debug_line_missing_file_complaint ();
                 else
                   {
@@ -7432,6 +7435,14 @@ dwarf_decode_lines (struct line_header *
 	      }
 	    }
 	}
+      if (lh->num_file_names < file || file == 0)
+        dwarf2_debug_line_missing_file_complaint ();
+      else
+        {
+          lh->file_names[file - 1].included_p = 1;
+          if (!decode_for_pst_p)
+            record_line (current_subfile, 0, address);
+        }
     }
 
   if (decode_for_pst_p)