author | Petr Machata <[email protected]> | 2011-03-17 00:10:56 +0100 |
---|---|---|
committer | Petr Machata <[email protected]> | 2011-03-17 00:10:56 +0100 |
commit | 29cc1c29f1b08403e8d7dc249130876f6b2752b6 (patch) | |
tree | dc8a6791747597ece06e03967726da5457e24569 | |
parent | 65e9aa860d06507c9332ec2fdf55d3ca4f2acdc3 (diff) |
dwarflint: Better validation of .debug_line table header length
-rw-r--r-- | dwarflint/Makefile.am | 16 | ||||
-rw-r--r-- | dwarflint/check_debug_line.cc | 8 | ||||
-rw-r--r-- | dwarflint/highlevel_check.cc | 2 | ||||
-rw-r--r-- | dwarflint/tests/garbage-11.bz2 | bin | 0 -> 592 bytes | |||
-rwxr-xr-x | dwarflint/tests/run-bad.sh | 14 |
5 files changed, 33 insertions, 7 deletions
diff --git a/dwarflint/Makefile.am b/dwarflint/Makefile.am
index d9ef2ab2..7c0a9b2f 100644
--- a/dwarflint/Makefile.am
+++ b/dwarflint/Makefile.am
@@ -116,7 +116,21 @@ EXTRA_DIST = $(EXTRA_TESTS) \
 tests/check_range_out_of_scope-1.bz2 \
 tests/check_debug_info_refs-1.bz2 \
 tests/aranges_terminate_early.bz2
- tests/libdl-2.12.so.debug.bz2
+ tests/libdl-2.12.so.debug.bz2 \
+ tests/hello.bad-1.bz2 \
+ tests/hello.bad-3.bz2 \
+ tests/empty-1.bz2 \
+ tests/garbage-1.bz2 \
+ tests/garbage-2.bz2 \
+ tests/garbage-3.bz2 \
+ tests/garbage-4.bz2 \
+ tests/garbage-5.bz2 \
+ tests/garbage-6.bz2 \
+ tests/garbage-7.bz2 \
+ tests/garbage-8.bz2 \
+ tests/garbage-9.bz2 \
+ tests/garbage-10.bz2 \
+ tests/garbage-11.bz2
 
 installed_TESTS_ENVIRONMENT = libdir=$(DESTDIR)$(libdir) \
 bindir=$(DESTDIR)$(bindir) \
diff --git a/dwarflint/check_debug_line.cc b/dwarflint/check_debug_line.cc
index 7fa097ac..26fb5d03 100644
--- a/dwarflint/check_debug_line.cc
+++ b/dwarflint/check_debug_line.cc
@@ -204,7 +204,7 @@ check_debug_line::check_debug_line (checkstack &stack, dwarflint &lint)
 wr_error (where) << "can't read attribute value." << std::endl;
 goto skip;
 }
- const unsigned char *program_start = sub_ctx.ptr + header_length;
+ const unsigned char *header_start = sub_ctx.ptr;
 
 /* Minimum instruction length. */
 uint8_t minimum_i_length;
@@ -349,8 +349,9 @@ check_debug_line::check_debug_line (checkstack &stack, dwarflint &lint)
 << "no CU uses this line table." << std::endl;
 }
 
- /* Skip the rest of the header. */
- if (sub_ctx.ptr > program_start)
+ const unsigned char *program_start = header_start + header_length;
+ if (header_length > (uint64_t)(sub_ctx.end - header_start)
+ || sub_ctx.ptr > program_start)
 {
 wr_error (where)
 << "header claims that it has a size of " << header_length
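Review bot: In the second check_debug_line.cc hunk (`@@ -349,8 +349,9 @@`), `program_start = header_start + header_length` is evaluated before `header_length` is compared against the bytes left in the section, so for a corrupt table the out-of-bounds pointer is formed first and only rejected afterwards; pointer arithmetic past the end of the buffer is undefined behaviour even though the `sub_ctx.ptr > program_start` comparison itself is short-circuited away by the length test. Since `header_length` comes from the input file (presumably 64-bit, as the `(uint64_t)` cast on the other operand suggests), compute the remaining size first and clamp the pointer to the section end: `const uint64_t header_avail = (uint64_t)(sub_ctx.end - header_start);` / `const unsigned char *program_start = header_start + std::min (header_length, header_avail);` / `if (header_length > header_avail || sub_ctx.ptr > program_start)`. The diagnostic reports `header_length`, not the pointer, so its output is unchanged, and the later `else if (sub_ctx.ptr < program_start)` branch is unaffected; `std::min` needs `<algorithm>` if that header is not already included. The constructor check_debug_line::check_debug_line begins and ends outside this hunk, so any use of `program_start` after the rejected-header path should be read against the clamped value too.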
@@ -364,6 +365,7 @@ check_debug_line::check_debug_line (checkstack &stack, dwarflint &lint)
 }
 else if (sub_ctx.ptr < program_start)
 {
+ /* Skip the rest of the header. */
 struct where wh = WHERE (sec_line, NULL);
 uint64_t off_start, off_end;
 if (read_check_zero_padding (&sub_ctx, &off_start, &off_end))
diff --git a/dwarflint/highlevel_check.cc b/dwarflint/highlevel_check.cc
index 17c69244..13f7d1dd 100644
--- a/dwarflint/highlevel_check.cc
+++ b/dwarflint/highlevel_check.cc
@@ -117,7 +117,6 @@ namespace
 
 elfutils::dwarf
 open_hl_dwarf (Dwarf *dw)
- {
 try
 {
 return dw;
@@ -128,7 +127,6 @@ namespace
 << "Couldn't initialize high-level DWARF descriptor." << std::endl;
 throw check_base::failed ();
 }
- }
 }
 
 open_highlevel_dwarf::open_highlevel_dwarf (checkstack &stack, dwarflint &lint)
diff --git a/dwarflint/tests/garbage-11.bz2 b/dwarflint/tests/garbage-11.bz2
Binary files differ
new file mode 100644
index 00000000..450e72cc
--- /dev/null
+++ b/dwarflint/tests/garbage-11.bz2
diff --git a/dwarflint/tests/run-bad.sh b/dwarflint/tests/run-bad.sh
index bb2b92e0..46678f0f 100755
--- a/dwarflint/tests/run-bad.sh
+++ b/dwarflint/tests/run-bad.sh
@@ -30,7 +30,7 @@ srcdir=$srcdir/tests
 testfiles hello.bad-1 hello.bad-3 empty-1 \
 garbage-1 garbage-2 garbage-3 garbage-4 \
 garbage-5 garbage-6 garbage-7 garbage-8 \
- garbage-9 garbage-10
+ garbage-9 garbage-10 garbage-11
 
 testrun_compare ./dwarflint hello.bad-1 <<EOF
 error: .debug_info: DIE 0x83: abbrev section at 0x0 doesn't contain code 83.
@@ -104,3 +104,15 @@ testrun_compare ./dwarflint garbage-10 <<EOF
 warning: .rela.debug_info: offset 0xc: relocation formed using STT_SECTION symbol with non-zero value.
 error: .rela.debug_info: offset 0x11: couldn't obtain symbol #7208969: invalid section index.
 EOF
+
+testrun_compare ./dwarflint garbage-11 <<EOF
+error: .rela.debug_info: offset 0x600: invalid relocation 2560 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0xc00: invalid relocation 2560 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0x1100: invalid relocation 2560 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0x1500: invalid relocation 256 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0x1d00: invalid relocation 256 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0x2500: invalid relocation 2560 (<INVALID RELOC>).
+error: .rela.debug_info: offset 0x3600: invalid relocation 256 (<INVALID RELOC>).
+error: .debug_line: table 0: header claims that it has a size of 542, but in fact it has a size of 30.
+error: .debug_info: DIE 0xb (abbr. attribute 0xa): unresolved reference to .debug_line table 0x0.
+EOF
|