PR 28592
PR 15994
PR 15935
* dwarf2.c (lookup_address_in_line_info_table): Return bool rather
than a range.
(comp_unit_find_nearest_line): Likewise. Return true if function
info found without line info.
(_bfd_dwarf2_find_nearest_line): Revert range handling code.
Include the language identifier emitted by gas in the set of ones where
no mangled names are expected. Even if there could be "hand-mangled"
names, gas doesn't emit DW_AT_linkage_name in the first place.
Prior to entering the enclosing "else if()" the earlier associated if()
checks function->is_linkage and, if set, uses function->name. The
comment in patch context precedes (and explains) the setting
function->is_linkage. Yet with the flag set, we should then also return
the function name, just like said earlier if() would do when we came
here a 2nd time for the same "addr". And indeed passing the same address
twice on addr2line's command line would resolve the function for the 2nd
instance, but not for the 1st (if this code path is taken). (This,
obviously, is particularly relevant when there's no ELF symbol table in
the first place, like would be the case - naturally - in PE/COFF
binaries, for example.)
PR 28978
* dwarf2.c (scan_unit_for_symbols): When performing second pass,
check to see if the function or variable being processed is the
same as the previous one.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
PR28691 is a fuzzing PR that triggers a non-problem of "output changes
per run" with PIEs and/or different compilers. I've closed similar
PRs before as wontfix, but I guess there will be no end of this type
of PR. The trigger is an attribute that usually takes one of the
offset/constant reference DW_FORMs being given an indexed string
DW_FORM. The bfd reader doesn't support indexed strings and returns
an error string instead. The address of the string varies with PIE
runs and/or compiler, and we allow that address to appear in output.
Fix this by validating integer attribute forms, as we do for string
form attributes.
PR 28691
* dwarf2.c (is_str_attr): Rename to..
(is_str_form): ..this. Change param type. Update calls.
(is_int_form): New function.
(read_attribute_value): Handle DW_FORM_addrx2.
(find_abstract_instance): Validate form when using attr.u.val.
(scan_unit_for_symbols, parse_comp_unit): Likewise.
Not returning an error indication here leaves the attribute
uninitialised, which then leads to intemperate behaviour.
PR 28674
* dwarf2.c (read_attribute_value): Return NULL on trying to read
past end of attributes.
Pointer range checking is UB if the values compared are outside the
underlying array elements (plus one).
* dwarf2.c (read_address): Remove accidental commit.
(read_ranges): Compare offset rather than pointers.
Older gcc reports:
.../bfd/dwarf2.c: In function 'read_ranges':
.../bfd/dwarf2.c:3107: error: comparison between signed and unsigned
.../bfd/dwarf2.c: In function 'read_rnglists':
.../bfd/dwarf2.c:3189: error: comparison between signed and unsigned
Similarly for binutils/dwarf.c. Arrange for the left sides of the > to
also be unsigned quantities.
This patch is aimed at the many places in dwarf2.c that blindly
increment a data pointer after calling functions that are meant to
read a fixed number of bytes. The problem with that is with damaged
dwarf we might increment a data pointer past the end of data, which is
UB and complicates (ie. bugs likely) any further use of that data
pointer. To fix those problems, I've moved incrementing of the data
pointer into the functions that do the reads. _bfd_safe_read_leb128
gets the same treatment for consistency.
* libbfd.c (_bfd_safe_read_leb128): Remove length_return parameter.
Replace data pointer with pointer to pointer. Increment pointer
over bytes read.
* libbfd-in.h (_bfd_safe_read_leb128): Update prototype.
* elf-attrs.c (_bfd_elf_parse_attributes): Adjust to suit. Be
careful not to increment data pointer past end. Remove now
redundant pr17512 check.
* wasm-module.c (READ_LEB128): Adjust to suit changes to
_bfd_safe_read_leb128.
* dwarf2.c (read_n_bytes): New inline function, old one renamed to..
(read_blk): ..this. Allocate and return block. Increment bfd_byte**
arg.
(read_3_bytes): New function.
(read_1_byte, read_1_signed_byte, read_2_bytes, read_4_bytes),
(read_8_bytes, read_string, read_indirect_string),
(read_indirect_line_string, read_alt_indirect_string): Take a
byte_byte** arg which is incremented over bytes read. Remove any
bytes_read return. Rewrite limit checks to compare lengths
rather than pointers.
(read_abbrevs, read_attribute_value, read_formatted_entries),
(decode_line_info, find_abstract_instance, read_ranges),
(read_rnglists, scan_unit_for_symbols, parse_comp_unit),
(stash_comp_unit): Adjust to suit. Rewrite limit checks to
compare lengths rather than pointers.
* libbfd.h: Regenerate.
I built GDB with `--enable-targets=all`, then started GDB passing it
an x86-64 executable, finally I ran 'maint selftest', and observed GDB
crash like this:
BFD: BFD (GNU Binutils) 2.36.50.20210519 assertion fail ../../src/bfd/hash.c:438
Aborted (core dumped)
The problem originates from two locations, for example in csky-dis.c
(csky_get_disassembler) where we do this:
const char *sec_name = NULL;
...
sec_name = get_elf_backend_data (abfd)->obj_attrs_section;
if (bfd_get_section_by_name (abfd, sec_name) != NULL)
...
We end up in here because during the selftests GDB forces the
architecture to be csky, but the BFD being accessed is still of type
x86-64. As a result obj_attrs_section returns NULL, which means we
end up passing NULL to bfd_get_section_by_name. If we follow the
function calls from bfd_get_section_by_name we eventually end up in
bfd_hash_hash, which asserts that the string (i.e. the name) is not
NULL.
The same crash can be reproduced in GDB without using the selftests,
for example:
(gdb) file x86_64.elf
(gdb) start
(gdb) set architecture csky
(gdb) disassemble main
Dump of assembler code for function main:
BFD: BFD (GNU Binutils) 2.36.50.20210519 assertion fail ../../src/bfd/hash.c:438
Aborted (core dumped)
The fix I propose here is to have bfd_get_section_by_name return NULL
if name is ever NULL. For consistency I updated
bfd_get_section_by_name_if in the same way, even though I'm not
hitting any problems along that code path right now.
I looked through the source tree and removed two NULL checks in
bfd/dwarf2.c which are no longer needed, its possible that there are
additional NULL checks that could be removed, I just didn't find them.
bfd/ChangeLog:
* section.c (bfd_get_section_by_name): Return NULL if name is
NULL.
(bfd_get_section_by_name_if): Likewise.
* dwarf2.c (read_section): Remove unneeded NULL check.
(find_debug_info): Likewise.
The DWARF5 spec does indeed explicitly say: "A bounded range entry whose
beginning and ending address offsets are equal (including zero) indicates
an empty range and may be ignored."
Since arange_add already ignores empty ranges, remove the whole check
which is equivalent to the check plus explicit continue.
PR binutils/27231
* dwarf2.c (read_rnglists): Ignore empty range when parsing line
number tables.
Advance rngs_ptr when parsing DW_RLE_offset_pair, which was missing in
commit c3757b583d
Author: Mark Wielaard <mark@klomp.org>
Date: Tue Aug 25 15:33:00 2020 +0100
Fix the linker's handling of DWARF-5 line number tables.
PR binutils/27231
* dwarf2.c (read_rnglists): Advance rngs_ptr after
_bfd_safe_read_leb128 when parsing DW_RLE_offset_pair.
When building with gcc with -gdwarf-5 ld tests (including ld-elf/dwarf.exp)
fail because they try to read the .debug_ranges section. But DWARF5
introduces a new .debug_rnglists section that encodes the address ranges
more efficiently. Implement reading the debug_rnglists in bfd/dwarf2.c.
Which makes all tests pass again and fixes several gcc testsuite tests
when defaulting to DWARF5.
* dwarf2.c (struct dwarf2_debug_file): Add dwarf_rnglists_buffer
and dwarf_rnglists_size fields.
(dwarf_debug_sections): Add debug_rnglists.
(dwarf_debug_section_enum): Likewise.
(read_debug_rnglists): New function.
(read_rangelist): New function to call either read_ranges or
read_rnglists. Rename original function to...
(read_ranges): ...this.
(read_rnglists): New function.
PR 25676
bfd * dwarf2.c (struct varinfo): Add unit_offset field to record the
location of the varinfo in the unit's debug info data. Change the
type of the stack field to a boolean.
(lookup_var_by_offset): New function. Returns the varinfo
structure for the variable described at the given offset in the
unit's debug info.
(scan_unit_for_symbols): Add support for variables which have the
DW_AT_specification attribute.
binutils* testsuite/binutils-all/dw4.s: New test source file.
* testsuite/binutils-all/nm.exp: Run the new test.
This patch remedies the following DW_FORM_GNU_ref_alt related problem:
/* FIXME: Do we need to locate the correct CU, in a similar
fashion to the code in the DW_FORM_ref_addr case above ? */
Without the correct CU the wrong abbrevs are used, resulting in
errors and/or wrong file names.
There is scope for further work here. Parsing of CUs should be a two
step process, with the first stage just finding the bounds of the CU.
This would allow find_abstract_instance to quickly find the CU
referenced by DW_FORM_ref_addr or DW_FORM_GNU_ref_alt, then take the
second stage of CU parsing where abbrevs, ranges and suchlike consume
time and memory. As it is, we just process CUs from the start of
.debug_info until we find the one of interest. The testcase in the PR
takes 98G of virtual memory.
PR 25230
* dwarf2.c (struct dwarf2_debug_file): Add line_table and
abbrev_offsets.
(struct abbrev_offset_entry): New.
(hash_abbrev, eq_abbrev, del_abbrev): New functions.
(read_abbrevs): Check whether we have already read abbrevs at
given offset, and add new offset/abbrev to hash table.
(decode_line_info): Keep line table at offset zero in file struct.
Return this for a cu reusing the same dir/file list.
(find_abstract_instance): Find cu for DW_FORM_GNU_ref_alt.
(_bfd_dwarf2_slurp_debug_info): Create offset/abbrev hash tables.
(_bfd_dwarf2_cleanup_debug_info): Adjust deletion of lines and
abbrevs.
read_section does offset checking, reporting an error on out of
bounds. There's no need to duplicate the check in functions calling
read_section. Also, I spotted a place where a pointer difference
expression was being cast to unsigned int, possibly truncating
relevant bits on a 64-bit host.
* dwarf2.c (read_indirect_string): Don't duplicate offset check
done in read_section.
(read_indirect_line_string): Likewise.
(read_alt_indirect_string): Likewise.
(read_alt_indirect_ref): Likewise.
(read_abbrevs): Likewise. Free memory on all failure paths.
Use correct unsigned type for pointer difference comparison.
These are unused. Remove them. Also fix the wrong sort of 0 being
returned from read_alt_indirect_ref.
* dwarf2.c (struct dwarf2_debug): Update comments. Remove sec
and sec_info_ptr.
(_bfd_dwarf2_slurp_debug_info): Don't set sec or sec_info_ptr.
(stash_comp_unit): Likewise.
(read_alt_indirect_ref): Return NULL not FALSE.
There were a number of problems with the previous patch. Firstly,
_bfd_dwarf2_stash_syms didn't do anything when the original file had
dynamic symbols, and secondly, info found by the symbol search didn't
make it out of _bfd_elf_find_nearest_line except in the case of DWARF
functions without external linkage.
PR 23652
* dwarf2.c (_bfd_dwarf2_stash_syms): Break out of loop on finding
matching section.
(_bfd_dwarf2_find_nearest_line): Return an int, with value 2 when
returning info from the symbol table. Do the _bfd_elf_find_function
search also when !found. Call _bfd_dwarf2_stash_syms regardless of
symbols.
* elf64-alpha.c (elf64_alpha_find_nearest_line): Accept dwarf2
result of 1 only.
* elfxx-mips.c (_bfd_mips_elf_find_nearest_line): Likewise.
* libbfd-in.h (_bfd_dwarf2_find_nearest_line): Update prototype.
* libbfd.h: Regenerate.
Sometimes DWARF info for a function is incomplete, and the function
can be retrieved by examining symbols. However, when separate debug
files are used it may be that the original file is completely
stripped of symbols. This patch teaches BFD to look at symbols from
the debug file in that case.
The patch also removes arm_elf_find_function, instead implementing
elf_backend_maybe_function_sym. arm_elf_find_function was written
before the generic _bfd_elf_find_function called maybe_function_sym.
aarch64 copied arm, so that file gets the same treatment. There is
some chance this will speed up arm and aarch64 lookup of function/line.
PR 23652
* dwarf2.c (_bfd_dwarf2_stash_syms): New function.
(_bfd_dwarf2_find_nearest_line): Use it here, passing syms to
_bfd_elf_find_function. Call _bfd_elf_find_function in cases
where _bfd_elf_find_nearest_line would do so.
* elf.c (_bfd_elf_find_nearest_line): Omit _bfd_elf_find_function
for dwarf2.
* elfxx-mips.c (_bfd_mips_elf_find_nearest_line): Similarly. Tidy.
* elf32-arm.c (elf32_arm_maybe_function_sym): New function.
(elf_backend_maybe_function_sym): Define.
(arm_elf_find_function, elf32_arm_find_nearest_line): Delete.
(bfd_elf32_find_nearest_line): Don't define.
* elfnn-aarch64.c (elfNN_aarch64_maybe_function_sym): New function.
(elf_backend_maybe_function_sym): Define.
(aarch64_elf_find_function, elfNN_aarch64_find_nearest_line): Delete.
(bfd_elfNN_find_nearest_line): Don't define.
This patch ensures qsort stability in line and function sorting done
in dwarf2.c. For the line sequences we make use of an existing field
that isn't used until later, as a monotonic counter for the qsort.
* dwarf2.c (struct lookup_funcinfo): Add idx field.
(compare_lookup_funcinfos): Perform final sort on idx.
(build_lookup_funcinfo_table): Set idx.
(compare_sequences): Perform final sort on num_lines.
(build_line_info_table): Set num_lines and line_info_lookup earlier.
(sort_line_sequences): Set num_lines for sort.
stash_maybe_enable_info_hash_tables sets
stash->info_hash_status = STASH_INFO_HASH_ON;
regardless of the result of stash_maybe_update_info_hash_tables call. In
case it fails this results in repeated invocation of comp_unit_hash_info
for the same comp unit and assertion failure in this function.
Only set stash->info_hash_status = STASH_INFO_HASH_ON; when
stash_maybe_update_info_hash_tables is successful.
bfd/
2019-10-11 Max Filippov <jcmvbkbc@gmail.com>
* dwarf2.c (stash_maybe_enable_info_hash_tables): Only set
stash->info_hash_status = STASH_INFO_HASH_ON when
stash_maybe_update_info_hash_tables succeeds.
Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
and ffffd5555453b140 result in a total size of 1. Reading the first
section of course overflows the buffer and tramples on other memory.
PR 25070
* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
total_size calculation.
This fixes a small leak of debug_filename. bfd_openr copies the file
name since git commit 1be5090bca.
PR 11983
* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Free debug_filename
on success. Tidy.
A customer reported a case where addr2line was very slow. We tracked
this down to some N^2 behavior in _bfd_dwarf2_find_symbol_bias in the
unusual case where no function can be found.
This patch fixes the bug, and reduces the runtime for a particular
request from 127 seconds to 1 second.
bfd/ChangeLog
2019-08-19 Tom Tromey <tromey@adacore.com>
* dwarf2.c (_bfd_dwarf2_find_symbol_bias): Create hash table
holding symbols.
A customer program had a DWARF CU that consisted of just a CU DIE,
without any children. In this situation, scan_unit_for_symbols will
try to read past the end of the current CU, and will take use the
first bytes of the next CU as an abbrev, printing an error message.
This patch fixes the bug by changing scan_unit_for_symbols to stop at
the end of the CU rather than the end of the .debug_info section.
bfd/ChangeLog
2019-08-15 Tom Tromey <tromey@adacore.com>
* dwarf2.c (scan_unit_for_symbols): Check for end of CU, not end
of section.
PR 24623
* dwarf2.c (stash_comp_unit): New function, extracted from..
(_bfd_dwarf2_find_nearest_line): ..here.
(find_abstract_instance): Parse comp units and decode line info
as needed.
