Revert previous delta to debug.c. Replace with patch to reject indirect types that point to indirect types.

PR 28718
	* dwarf.c: Revert previous delta.
	(debug_get_real_type): Reject indirect types that point to
	indirect types.
	(debug_get_type_name, debug_get_type_size, debug_write_type):
	Likewise.
Pavel Mayorov 2022-01-07 12:34:37 +00:00 committed by Nick Clifton
parent aed44286ef
commit 0e9f1c04b9
2 changed files with 23 additions and 20 deletions


@ -1,6 +1,14 @@
2022-01-06 Nick Clifton <nickc@redhat.com> 2022-01-07 Pavel Mayorov <pmayorov@cloudlinux.com>
PR 28718 PR 28718
* dwarf.c: Revert previous delta.
(debug_get_real_type): Reject indirect types that point to
indirect types.
(debug_get_type_name, debug_get_type_size, debug_write_type):
Likewise.
2022-01-06 Nick Clifton <nickc@redhat.com>
* debug.c (debug_write_type): Allow for malicious recursion via * debug.c (debug_write_type): Allow for malicious recursion via
indirect debug types. indirect debug types.


@ -2065,7 +2065,9 @@ debug_get_real_type (void *handle, debug_type type,
/* The default case is just here to avoid warnings. */ /* The default case is just here to avoid warnings. */
default: default:
case DEBUG_KIND_INDIRECT: case DEBUG_KIND_INDIRECT:
if (*type->u.kindirect->slot != NULL) /* A valid non-self-referencing indirect type. */
if (*type->u.kindirect->slot != NULL
&& *type->u.kindirect->slot != type)
return debug_get_real_type (handle, *type->u.kindirect->slot, &rl); return debug_get_real_type (handle, *type->u.kindirect->slot, &rl);
return type; return type;
case DEBUG_KIND_NAMED: case DEBUG_KIND_NAMED:
@ -2095,7 +2097,9 @@ debug_get_type_name (void *handle, debug_type type)
{ {
if (type->kind == DEBUG_KIND_INDIRECT) if (type->kind == DEBUG_KIND_INDIRECT)
{ {
if (*type->u.kindirect->slot != NULL) /* A valid non-self-referencing indirect type. */
if (*type->u.kindirect->slot != NULL
&& *type->u.kindirect->slot != type)
return debug_get_type_name (handle, *type->u.kindirect->slot); return debug_get_type_name (handle, *type->u.kindirect->slot);
return type->u.kindirect->tag; return type->u.kindirect->tag;
} }
@ -2124,7 +2128,9 @@ debug_get_type_size (void *handle, debug_type type)
default: default:
return 0; return 0;
case DEBUG_KIND_INDIRECT: case DEBUG_KIND_INDIRECT:
if (*type->u.kindirect->slot != NULL) /* A valid non-self-referencing indirect type. */
if (*type->u.kindirect->slot != NULL
&& *type->u.kindirect->slot != type)
return debug_get_type_size (handle, *type->u.kindirect->slot); return debug_get_type_size (handle, *type->u.kindirect->slot);
return 0; return 0;
case DEBUG_KIND_NAMED: case DEBUG_KIND_NAMED:
@ -2484,22 +2490,11 @@ debug_write_type (struct debug_handle *info,
debug_error (_("debug_write_type: illegal type encountered")); debug_error (_("debug_write_type: illegal type encountered"));
return false; return false;
case DEBUG_KIND_INDIRECT: case DEBUG_KIND_INDIRECT:
/* PR 28718: Allow for malicious recursion. */ /* Prevent infinite recursion. */
{ if (*type->u.kindirect->slot == type)
static int recursion_depth = 0; return (*fns->empty_type) (fhandle);
bool result; return debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
if (recursion_depth > 256)
{
debug_error (_("debug_write_type: too many levels of nested indirection"));
return false;
}
++ recursion_depth;
result = debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
name); name);
-- recursion_depth;
return result;
}
case DEBUG_KIND_VOID: case DEBUG_KIND_VOID:
return (*fns->void_type) (fhandle); return (*fns->void_type) (fhandle);
case DEBUG_KIND_INT: case DEBUG_KIND_INT:
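Review bot: The new guard `*type->u.kindirect->slot != type` in the DEBUG_KIND_INDIRECT cases only catches an indirect type whose slot points back at itself; a cycle through two or more indirect types (A's slot holds B, B's slot holds A) still recurses without bound, and in debug_write_type the 256-level depth limit that would have stopped it is removed by this same commit. The same one-hop check is used in debug_get_real_type, debug_get_type_name and debug_get_type_size, so malformed debug input can still exhaust the stack in any of the four. debug_get_real_type passes `&rl` on its recursive call, which may already detect cycles there, but its start is outside the hunk. I would walk the indirect chain iteratively with a hop bound in debug_write_type, as below, and give the other three the same shape. The part of debug_write_type before the switch is not visible here, so confirm that skipping the intermediate indirect nodes drops nothing it does per node.

```c
    case DEBUG_KIND_INDIRECT:
      /* Prevent infinite recursion, including cycles that pass through
	 more than one indirect type.  */
      {
	debug_type target = *type->u.kindirect->slot;
	unsigned int hops = 0;

	while (target != NULL && target->kind == DEBUG_KIND_INDIRECT)
	  {
	    /* Back at the start, or a chain too long to be genuine.  */
	    if (target == type || ++hops > 256)
	      return (*fns->empty_type) (fhandle);
	    target = *target->u.kindirect->slot;
	  }
	return debug_write_type (info, fns, fhandle, target, name);
      }
    /* … unchanged: case DEBUG_KIND_VOID and the cases after it … */
```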