From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 27644 invoked by alias); 5 Nov 2008 12:53:41 -0000
Received: (qmail 27595 invoked by uid 22791); 5 Nov 2008 12:53:40 -0000
X-Spam-Check-By: sourceware.org
Received: from mail.suse.de (HELO mx1.suse.de) (195.135.220.2) by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 05 Nov 2008 12:52:58 +0000
Received: from Relay2.suse.de (mail2.suse.de [195.135.221.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.suse.de (Postfix) with ESMTP id 64B004296A for ; Wed, 5 Nov 2008 13:52:55 +0100 (CET)
From: Andreas Schwab
To: gdb-patches@sourceware.org
Subject: Fix gdb crash during .debug_line parsing
X-Yow: ONE: I will donate my entire ``BABY HUEY'' comic book collection to the downtown PLASMA CENTER.. TWO: I won't START a BAND called ``KHADAFY & THE HIT SQUAD''.. THREE: I won't ever TUMBLE DRY my FOX TERRIER again!!
Date: Wed, 05 Nov 2008 12:53:00 -0000
Message-ID:
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Archive:
List-Post:
List-Help: ,
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2008-11/txt/msg00075.txt.bz2

gdb should not crash when the line number program has been corrupted.

Andreas.

2008-11-05  Andreas Schwab

	* dwarf2read.c (dwarf_decode_lines): Add checks for corrupted line
	number programs.

Index: dwarf2read.c
===================================================================
RCS file: /cvs/src/src/gdb/dwarf2read.c,v
retrieving revision 1.290
diff -u -a -p -u -p -a -r1.290 dwarf2read.c
--- dwarf2read.c	24 Oct 2008 18:21:00 -0000	1.290
+++ dwarf2read.c	5 Nov 2008 12:44:15 -0000
@@ -7072,7 +7072,7 @@ dwarf_decode_lines (struct line_header * int basic_block = 0; int end_sequence = 0; - if (!decode_for_pst_p && lh->num_file_names >= file) + if (!decode_for_pst_p && file != 0 && lh->num_file_names >= file) { /* Start a subfile for the current file of the state machine. */ /* lh->include_dirs and lh->file_names are 0-based, but the @@ -7090,6 +7090,13 @@ dwarf_decode_lines (struct line_header * /* Decode the table. */ while (!end_sequence) { + if (line_ptr >= line_end) + { + complaint (&symfile_complaints, + _("mangled .debug_line section")); + break; + } + op_code = read_1_byte (abfd, line_ptr); line_ptr += 1; @@ -7102,7 +7109,7 @@ dwarf_decode_lines (struct line_header * line += lh->line_base + (adj_opcode % lh->line_range); if (lh->num_file_names < file) dwarf2_debug_line_missing_file_complaint (); - else + else if (file != 0) { lh->file_names[file - 1].included_p = 1; if (!decode_for_pst_p) @@ -7135,7 +7142,7 @@ dwarf_decode_lines (struct line_header * if (lh->num_file_names < file) dwarf2_debug_line_missing_file_complaint (); - else + else if (file != 0) { lh->file_names[file - 1].included_p = 1; if (!decode_for_pst_p) @@ -7184,7 +7191,7 @@ dwarf_decode_lines (struct line_header * case DW_LNS_copy: if (lh->num_file_names < file) dwarf2_debug_line_missing_file_complaint (); - else + else if (file != 0) { lh->file_names[file - 1].included_p = 1; if (!decode_for_pst_p) @@ -7220,7 +7227,7 @@ dwarf_decode_lines (struct line_header * file = read_unsigned_leb128 (abfd, line_ptr, &bytes_read); line_ptr += bytes_read; - if (lh->num_file_names < file) + if (file == 0 || lh->num_file_names < file) dwarf2_debug_line_missing_file_complaint (); else { -- Andreas Schwab, SuSE Labs, schwab@suse.de SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
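Review bot: in the first hunk (-7072), the added `file != 0` guard is what keeps the `lh->file_names[file - 1]` indexing seen in the later hunks from reading before the start of the 0-based array when the state machine's file register is 0, but the same `file != 0` / `lh->num_file_names < file` pair is now spelled out in five places in this one function. Consider a small helper, e.g. `static int file_index_valid (struct line_header *lh, unsigned int file)` (name is a suggestion), so the two halves of the check cannot drift apart the next time one site is edited.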
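Review bot: in the -7090 hunk the new `line_ptr >= line_end` check fires only once per loop iteration, before the opcode byte is read; the operand reads that follow inside the same iteration (the `read_unsigned_leb128 (abfd, line_ptr, &bytes_read)` in the DW_LNS_set_file hunk is one visible example) are still unbounded, so a program truncated in the middle of a multi-byte operand is read past `line_end` before the next iteration's check can stop it. Passing `line_end` to the operand readers, or checking the remaining length before each multi-byte read, would close that gap. Separately, the `break` leaves `end_sequence` at 0 and whatever was recorded for the current sequence in place; the hunk does not show how the caller treats a sequence that never reached its end-of-sequence opcode, so a comment at the `break` stating that this is intentional (or a reset of the state machine before leaving) would help the next reader.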
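Review bot: in the -7102, -7135 and -7184 hunks, the change from `else` to `else if (file != 0)` makes a file register of 0 fall through silently, because the complaint in the `if` branch is raised only for `lh->num_file_names < file`, which is false for 0. That is defensible since the DW_LNS_set_file hunk complains at the point the bad value is assigned, but the asymmetry is easy to misread; either add a one-line comment saying so, or fold the condition into the `if` as `if (file == 0 || lh->num_file_names < file)` so all five sites use the identical test and the complaint covers both failure modes everywhere.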
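Review bot: in the -7220 hunk (DW_LNS_set_file), after `dwarf2_debug_line_missing_file_complaint ()` is raised for `file == 0 || lh->num_file_names < file`, the invalid value remains in the `file` register, so safety from then on depends entirely on the guards repeated at each use site rather than on the state machine being sane; either reset `file` to a value the guards treat uniformly or note in a comment that the downstream guards are what keep this safe. The complaint helper's name also describes a "missing file", which fits an index beyond `num_file_names` but is misleading for 0, which is an invalid index rather than a missing entry; a distinct message for that case would make the complaint easier to act on.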