Attachment #11961 for bug #24829




  first_dwo_info = NULL;
}

/* Ensure that START + UVALUE is less than END.
   Return an adjusted UVALUE if necessary to ensure this relationship.  */

static inline dwarf_vma
check_uvalue (const unsigned char * start,
	      dwarf_vma             uvalue,
	      const unsigned char * end)
{
  dwarf_vma max_uvalue = end - start;

  /* FIXME: Testing "(start + uvalue) < start" miscompiles with gcc 4.8.3
     running on an x86_64 host in 32-bit mode.  So we pre-compute start +
     uvalue here.  */
  const unsigned char * ptr = start + uvalue;

  /* See PR 17512: file: 008-103549-0.001:0.1.
     and PR 24829 for example of where these tests are triggered.  */
  if (uvalue > max_uvalue
      || ptr > end
      || ptr < start)
    {
      warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
      uvalue = max_uvalue;
    }

  return uvalue;
}

static unsigned char *
read_and_display_attr_value (unsigned long           attribute,
			     unsigned long           form,

	  uvalue = 0;
	  block_start = end;
	}

      uvalue = check_uvalue (block_start, uvalue, end);

      data = block_start + uvalue;
      /* PR 17512: file: 008-103549-0.001:0.1.  */
      if (block_start + uvalue > end || data < block_start)
	{
	  warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
	  uvalue = end - block_start;
	}
      if (do_loc)
	data = block_start + uvalue;
      else

	  uvalue = 0;
	  block_start = end;
	}

      uvalue = check_uvalue (block_start, uvalue, end);

	  warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
	  uvalue = end - block_start;
	}
      if (do_loc)
	data = block_start + uvalue;
      else

	  uvalue = 0;
	  block_start = end;
	}

      uvalue = check_uvalue (block_start, uvalue, end);

	  warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
	  uvalue = end - block_start;
	}
      if (do_loc)
	data = block_start + uvalue;
      else

	  uvalue = 0;
	  block_start = end;
	}

      uvalue = check_uvalue (block_start, uvalue, end);

	  || data < block_start)
	{
	  warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
	  uvalue = end - block_start;
	}
      if (do_loc)
	data = block_start + uvalue;
      else

Return to bug 24829

Lines 1832-1837 free_dwo_info (void) Link Here

(-)a/binutils/dwarf.c (-30 / +40 lines)
1832	first_dwo_info = NULL;	1832	first_dwo_info = NULL;
1833	}	1833	}
1834		1834
		1835	/* Ensure that START + UVALUE is less than END.
		1836	Return an adjusted UVALUE if necessary to ensure this relationship. */
		1837
		1838	static inline dwarf_vma
		1839	check_uvalue (const unsigned char * start,
		1840	dwarf_vma uvalue,
		1841	const unsigned char * end)
		1842	{
		1843	dwarf_vma max_uvalue = end - start;
		1844
		1845	/* FIXME: Testing "(start + uvalue) < start" miscompiles with gcc 4.8.3
		1846	running on an x86_64 host in 32-bit mode. So we pre-compute start +
		1847	uvalue here. */
		1848	const unsigned char * ptr = start + uvalue;
		1849
		1850	/* See PR 17512: file: 008-103549-0.001:0.1.
		1851	and PR 24829 for example of where these tests are triggered. */
		1852	if (uvalue > max_uvalue
		1853	\|\| ptr > end
		1854	\|\| ptr < start)
		1855	{
		1856	warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
		1857	uvalue = max_uvalue;
		1858	}
		1859
		1860	return uvalue;
		1861	}
		1862
1835	static unsigned char *	1863	static unsigned char *
1836	read_and_display_attr_value (unsigned long attribute,	1864	read_and_display_attr_value (unsigned long attribute,
1837	unsigned long form,	1865	unsigned long form,
Lines 2056-2071 read_and_display_attr_value (unsigned long attribute, Link Here
2056	uvalue = 0;	2084	uvalue = 0;
2057	block_start = end;	2085	block_start = end;
2058	}	2086	}
2059	/* FIXME: Testing "(block_start + uvalue) < block_start" miscompiles with	2087
2060	gcc 4.8.3 running on an x86_64 host in 32-bit mode. So we pre-compute	2088	uvalue = check_uvalue (block_start, uvalue, end);
2061	block_start + uvalue here. */	2089
2062	data = block_start + uvalue;
2063	/* PR 17512: file: 008-103549-0.001:0.1. */
2064	if (block_start + uvalue > end \|\| data < block_start)
2065	{
2066	warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
2067	uvalue = end - block_start;
2068	}
2069	if (do_loc)	2090	if (do_loc)
2070	data = block_start + uvalue;	2091	data = block_start + uvalue;
2071	else	2092	else
Lines 2081-2092 read_and_display_attr_value (unsigned long attribute, Link Here
2081	uvalue = 0;	2102	uvalue = 0;
2082	block_start = end;	2103	block_start = end;
2083	}	2104	}
2084	data = block_start + uvalue;	2105
2085	if (block_start + uvalue > end \|\| data < block_start)	2106	uvalue = check_uvalue (block_start, uvalue, end);
2086	{	2107
2087	warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
2088	uvalue = end - block_start;
2089	}
2090	if (do_loc)	2108	if (do_loc)
2091	data = block_start + uvalue;	2109	data = block_start + uvalue;
2092	else	2110	else
Lines 2102-2113 read_and_display_attr_value (unsigned long attribute, Link Here
2102	uvalue = 0;	2120	uvalue = 0;
2103	block_start = end;	2121	block_start = end;
2104	}	2122	}
2105	data = block_start + uvalue;	2123
2106	if (block_start + uvalue > end \|\| data < block_start)	2124	uvalue = check_uvalue (block_start, uvalue, end);
2107	{	2125
2108	warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
2109	uvalue = end - block_start;
2110	}
2111	if (do_loc)	2126	if (do_loc)
2112	data = block_start + uvalue;	2127	data = block_start + uvalue;
2113	else	2128	else
Lines 2124-2137 read_and_display_attr_value (unsigned long attribute, Link Here
2124	uvalue = 0;	2139	uvalue = 0;
2125	block_start = end;	2140	block_start = end;
2126	}	2141	}
2127	data = block_start + uvalue;	2142
2128	if (block_start + uvalue > end	2143	uvalue = check_uvalue (block_start, uvalue, end);
2129	/* PR 17531: file: 5b5f0592. */	2144
2130	\|\| data < block_start)
2131	{
2132	warn (_("Corrupt attribute block length: %lx\n"), (long) uvalue);
2133	uvalue = end - block_start;
2134	}
2135	if (do_loc)	2145	if (do_loc)
2136	data = block_start + uvalue;	2146	data = block_start + uvalue;
2137	else	2147	else