libbacktrace patch committed: Fix leb128 overflow test

Message ID	mcrbogjxl9o.fsf@google.com
State	New
Headers	show Return-Path: <gcc-patches-return-327982-incoming=patchwork.ozlabs.org@gcc.gnu.org> Comment: DKIM? See http://www.dkim.org Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org; h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:X-Google-DKIM-Signature:Received:Received:From:To:Cc:Subject:Date:Message-ID:User-Agent:MIME-Version:Content-Type:X-Gm-Message-State:X-IsSubscribed:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To; b=Qm2fc6+o4w/8BNm7+esFo1ECMk6ycHoZ+uIMjVXD5qsQ7uolW8a7qKFKLc7RdI 39mrCwEKXn4xToasYK7LvscewYwRbZ7bUO+BXaAGycwZ81R+1c+91gwoZoo6Z5Fb j+USMA8O2wANRlzoUvYcdKDxjKr1JA6AtpMgTzTXByPcI=; From: Ian Lance Taylor <iant@google.com> To: gcc-patches@gcc.gnu.org Cc: Philip Prindeville <philipp@fedoraproject.org> Subject: libbacktrace patch committed: Fix leb128 overflow test Date: Wed, 03 Oct 2012 15:07:15 -0700 Message-ID: <mcrbogjxl9o.fsf@google.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org

Message ID

mcrbogjxl9o.fsf@google.com

State

New

Headers

Comment: DKIM? See http://www.dkim.org
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org;
	h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:X-Google-DKIM-Signature:Received:Received:From:To:Cc:Subject:Date:Message-ID:User-Agent:MIME-Version:Content-Type:X-Gm-Message-State:X-IsSubscribed:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To;
	b=Qm2fc6+o4w/8BNm7+esFo1ECMk6ycHoZ+uIMjVXD5qsQ7uolW8a7qKFKLc7RdI
	39mrCwEKXn4xToasYK7LvscewYwRbZ7bUO+BXaAGycwZ81R+1c+91gwoZoo6Z5Fb
	j+USMA8O2wANRlzoUvYcdKDxjKr1JA6AtpMgTzTXByPcI=;
From: Ian Lance Taylor <iant@google.com>
To: gcc-patches@gcc.gnu.org
Cc: Philip Prindeville <philipp@fedoraproject.org>
Subject: libbacktrace patch committed: Fix leb128 overflow test
Date: Wed, 03 Oct 2012 15:07:15 -0700
Message-ID: <mcrbogjxl9o.fsf@google.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org

Commit Message

Ian Lance Taylor Oct. 3, 2012, 10:07 p.m. UTC

This patch to libbacktrace fixes the overflow test for the leb128
reading routines.  What matters is not the shift after the loop, but the
shift within the loop.  This also removes the setting of unit_buf.start
in build_address_map, which was simply wrong and was causing the error
message to print the wrong offset in the .debug_info section.
Bootstrapped and ran libbacktrace testsuite on
x86_64-unknown-linux-gnu.  Committed to mainline.

Ian


2012-10-03  Ian Lance Taylor  <iant@google.com>

	* dwarf.c (read_uleb128): Fix overflow test.
	(read_sleb128): Likewise.
	(build_address_map): Don't change unit_buf.start.

Index: dwarf.c
===================================================================
--- dwarf.c	(revision 191858)
+++ dwarf.c	(working copy)
@@ -524,10 +524,12 @@  read_uleb128 (struct dwarf_buf *buf)
 {
   uint64_t ret;
   unsigned int shift;
+  int overflow;
   unsigned char b;
 
   ret = 0;
   shift = 0;
+  overflow = 0;
   do
     {
       const unsigned char *p;
@@ -536,14 +538,17 @@  read_uleb128 (struct dwarf_buf *buf)
       if (!advance (buf, 1))
 	return 0;
       b = *p;
-      ret |= ((uint64_t) (b & 0x7f)) << shift;
+      if (shift < 64)
+	ret |= ((uint64_t) (b & 0x7f)) << shift;
+      else if (!overflow)
+	{
+	  dwarf_buf_error (buf, "LEB128 overflows uint64_t");
+	  overflow = 1;
+	}
       shift += 7;
     }
   while ((b & 0x80) != 0);
 
-  if (shift > 64)
-    dwarf_buf_error (buf, "LEB128 overflows uint64_5");
-
   return ret;
 }
 
@@ -554,10 +559,12 @@  read_sleb128 (struct dwarf_buf *buf)
 {
   uint64_t val;
   unsigned int shift;
+  int overflow;
   unsigned char b;
 
   val = 0;
   shift = 0;
+  overflow = 0;
   do
     {
       const unsigned char *p;
@@ -566,15 +573,18 @@  read_sleb128 (struct dwarf_buf *buf)
       if (!advance (buf, 1))
 	return 0;
       b = *p;
-      val |= ((uint64_t) (b & 0x7f)) << shift;
+      if (shift < 64)
+	val |= ((uint64_t) (b & 0x7f)) << shift;
+      else if (!overflow)
+	{
+	  dwarf_buf_error (buf, "signed LEB128 overflows uint64_t");
+	  overflow = 1;
+	}
       shift += 7;
     }
   while ((b & 0x80) != 0);
 
-  if (shift > 64)
-    dwarf_buf_error (buf, "signed LEB128 overflows uint64_t");
-
-  if ((b & 0x40) != 0)
+  if ((b & 0x40) != 0 && shift < 64)
     val |= ((uint64_t) -1) << shift;
 
   return (int64_t) val;
@@ -1262,7 +1272,6 @@  build_address_map (struct backtrace_stat
 	}
 
       unit_buf = info;
-      unit_buf.start = info.buf;
       unit_buf.left = len;
 
       if (!advance (&info, len))

libbacktrace patch committed: Fix leb128 overflow test

Commit Message

Patch