This patch addresses the multitude of bug reports about resource exhaustion
in libiberty's name demangling code. It adds a limit to the amount of
recursion that is allowed, before an error is triggered. It also adds a
new demangling option to disable this limit. (The limit is enabled by
default).
PR 87681
PR 87675
PR 87636
PR 87335
libiberty * cp-demangle.h (struct d_info): Add recursion_limit field.
* cp-demangle.c (d_function_type): If the recursion limit is
enabled and reached, return with a failure result.
(d_demangle_callback): If the recursion limit is enabled, check
for a mangled string that is so long that there is not enough
stack space for the local arrays.
* cplus-dem.c (struct work): Add recursion_level field.
(demangle_nested_args): If the recursion limit is enabled and
reached, return with a failure result.
include * demangle.h (DMGL_RECURSE_LIMIT): Define.
(DEMANGLE_RECURSION_LIMIT): Prototype.
binutuils * addr2line.c (demangle_flags): New static variable.
(long_options): Add --recurse-limit and --no-recurse-limit.
(translate_address): Pass demangle_flags to bfd_demangle.
(main): Handle --recurse-limit and --no-recurse-limit options.
* cxxfilt.c (flags): Add DMGL_RECURSE_LIMIT.
(long_options): Add --recurse-limit and --no-recurse-limit.
(main): Handle new options.
* dlltool.c (gen_def_file): Include DMGL_RECURSE_LIMIT in flags
passed to cplus_demangle.
* nm.c (demangle_flags): New static variable.
(long_options): Add --recurse-limit and --no-recurse-limit.
(main): Handle new options.
* objdump.c (demangle_flags): New static variable.
(usage): Add --recurse-limit and --no-recurse-limit.
(long_options): Likewise.
(objdump_print_symname): Pass demangle_flags to bfd_demangle.
(disassemble_section): Likewise.
(dump_dymbols): Likewise.
(main): Handle new options.
* prdbg.c (demangle_flags): New static variable.
(tg_variable): Pass demangle_flags to demangler.
(tg_start_function): Likewise.
* stabs.c (demangle_flags): New static variable.
(stab_demangle_template): Pass demangle_flags to demangler.
(stab_demangle_v3_argtypes): Likewise.
(stab_demangle_v3_arg): Likewise.
* doc/binutuls.texi: Document new command line options.
* NEWS: Mention the new feature.
* testsuite/config/default.exp (CXXFILT): Define if not already
defined.
(CXXFILTFLAGS): Likewise.
* testsuite/binutils-all/cxxfilt.exp: New file. Runs a few
simple tests of the cxxfilt program.
PR 22955
* stabs.c (parse_number): Add p_end parameter and use it to check
the validity of the pp parameter. Add checks to prevent walking
off the end of the string buffer.
(parse_stab_string): Likewise.
(parse_stab_type): Likewise.
(parse_stab_type_number): Likewise.
(parse_stab_range_type): Likewise.
(parse_stab_sun_builtin_type): Likewise.
(parse_stab_sun_floating_type): Likewise.
(parse_stab_enum_type): Likewise.
(parse_stab_struct_type): Likewise.
(parse_stab_baseclasses): Likewise.
(parse_stab_struct_fields): Likewise.
(parse_stab_cpp_abbrev): Likewise.
(parse_stab_one_struct_field): Likewise.
(parse_stab_members): Likewise.
(parse_stab_tilde_field): Likewise.
(parse_stab_array_type): Likewise.
* parse_stab: Compute the end of the string and then pass it on to
individual parser functions.
GCC 6 warns:
error: result of ‘4294967295ll << 32’ requires 65 bits to represent, but ‘long long int’ only has 64 bits [-Werror=shift-overflow=]
on ((((bfd_signed_vma) 0xffffffff) << 32) | 0xffffffff). This patch
replaces it with bfd_signed_vma) 0xffffffffffffffffLL.
* stabs.c (parse_stab_range_type): Use 0xffffffffffffffffLL.
PR binutils/17512
* dwarf.c (read_and_display_attr_value): Check that we do not read
past end.
(display_debug_pubnames_worker): Add range checks.
(process_debug_info): Check for invalid pointer sizes.
(display_loc_list): Likewise.
(display_loc_list_dwo): Likewise.
(display_debug_ranges): Likewise.
(display_debug_aranges): Check for invalid address size.
(read_cie): Add range checks. Replace call strchr with while loop.
* objdump.c (dump_dwarf): Replace abort with a warning message.
(print_section_stabs): Improve range checks.
* rdcoff.c (coff_get_slot): Use long for indx parameter type.
Add check for an excesively large index.
* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
string table. Avoid walking off the end of the stabs data.
* stabs.c (parse_stab_string): Add check for a NULL name.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Set the line number of
corrupt entries to -1.
(coff_slurp_symbol_table): Alway initialise the value of the
symbol.
* coffgen.c (coff_print_symbol): Check that the combined pointer
is valid.
(coff_print_symbol): Do not print negative line numbers.
* peXXigen.c (pe_print_idata): Add range checking displaying
member names.
argument and emits the string followed by a comma and then the length of
the string.
(CONST_STRNEQ): New macro. Checks to see if a variable string has a constant
string as its initial characters.
(CONST_STRNCPY): New macro. Copies a constant string to the start of a
variable string.
* bfd-in2.h: Regenerate.
* <remainign files>: Make use of the new macros.
out of stab_demangle_v3_argtypes.
(stab_demangle_v3_argtypes): Call it.
(stab_demangle_v3_arg): Handle DEMANGLE_COMPONENT_FUNCTION_TYPE.
If we find an unrecognized component, print out its number.
