There is a tiny error left in dwarf.c:read_leb128 after Nick fixed the
signed overflow problem in code I wrote. It's to do with sleb128
values that have unnecessary excess bytes. For example, -1 is
represented as 0x7f, the most efficient encoding, but also as
0xff,0x7f or 0xff,0xff,0x7f and so on. None of these sequences
overflow any size signed value, but read_leb128 will report an
overflow given enough excess bytes. This patch fixes that problem,
and since the proper test for signed values with excess bytes can
easily be adapted to also test a sleb byte with just some bits that
overflow the result, I changed the code to not use signed right
shifts. (The C standard ISO/IEC 9899:1999 6.5.7 says signed right
shifts of negative values have an implementation defined value. A
long time ago I even used a C compiler for a certain microprocessor
that always did unsigned right shifts. Mind you, it is very unlikely
to be compiling binutils with such a compiler.)
bfd/
* wasm-module.c: Guard include of limits.h.
(CHAR_BIT): Provide backup define.
(wasm_read_leb128): Use CHAR_BIT to size "result" in bits.
Correct signed overflow checking.
opcodes/
* wasm32-dis.c: Include limits.h.
(CHAR_BIT): Provide backup define.
(wasm_read_leb128): Use CHAR_BIT to size "result" in bits.
Correct signed overflow checking.
binutils/
* dwarf.c: Include limits.h.
(CHAR_BIT): Provide backup define.
(read_leb128): Use CHAR_BIT to size "result" in bits. Correct
signed overflow checking.
* testsuite/binutils-all/pr26548.s,
* testsuite/binutils-all/pr26548.d,
* testsuite/binutils-all/pr26548e.d: New tests.
* testsuite/binutils-all/readelf.exp: Run them.
(readelf_test): Drop unused "xfails" parameter. Update all uses.
The signed integer overflow occurred when adding one to target_count
for (i = 0; i < target_count + 1; i++)
but that's the least of the worries here. target_count was long and i
int, leading to the possibility of a loop that never ended.
So to avoid this type of vulnerability, this patch uses what I believe
to be the proper types for arguments of various wasm32 opcodes, rather
than using "long" which may change in size.
gas/
* testsuite/gas/wasm32/allinsn.d: Update expected output.
opcodes/
* wasm32-dis.c (print_insn_wasm32): Localise variables. Store
result of wasm_read_leb128 in a uint64_t and check that bits
are not lost when copying to other locals. Use uint32_t for
most locals. Use PRId64 when printing int64_t.
Remove `-Wshadow' compilation errors:
cc1: warnings being treated as errors
.../bfd/wasm-module.c: In function 'wasm_scan_name_function_section':
.../bfd/wasm-module.c:312: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
.../bfd/wasm-module.c: In function 'wasm_register_section':
.../bfd/wasm-module.c:494: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
.../bfd/wasm-module.c: In function 'wasm_compute_custom_section_file_position':
.../bfd/wasm-module.c:523: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
and:
cc1: warnings being treated as errors
.../opcodes/wasm32-dis.c: In function 'print_insn_wasm32':
.../opcodes/wasm32-dis.c:272: error: declaration of 'index' shadows a global declaration
/usr/include/string.h:303: error: shadowed declaration is here
make[4]: *** [wasm32-dis.lo] Error 1
which for versions of GCC before 4.8 prevent support for the WebAssembly
target from being built. See also GCC PR c/53066.
bfd/
* wasm-module.c (wasm_scan_name_function_section): Rename
`index' local variable to `idx'.
opcodes/
* wasm32-dis.c (print_insn_wasm32): Rename `index' local
variable to `function_index'.
include * dis-asm.h: Add prototypes for wasm32 disassembler.
opcodes * Makefile.am: Add wasm32-dis.c.
* configure.ac: Add wasm32-dis.c to wasm32 target.
* disassemble.c: Add wasm32 disassembler code.
* wasm32-dis.c: New file.
* Makefile.in: Regenerate.
* configure: Regenerate.
* po/POTFILES.in: Regenerate.
* po/opcodes.pot: Regenerate.
gas * testsuite/gas/wasm32/allinsn.d: Adjust test for disassembler
changes.
* testsuite/gas/wasm32/disass.d: New test.
* testsuite/gas/wasm32/disass.s: New test.
* testsuite/gas/wasm32/disass-2.d: New test.
* testsuite/gas/wasm32/disass-2.s: New test.
* testsuite/gas/wasm32/reloc.d: Adjust test for changed reloc
names.
* testsuite/gas/wasm32/reloc.s: Update test for changed assembler
syntax.
* testsuite/gas/wasm32/wasm32.exp: Run new tests. Expect allinsn
test to succeed.
