Bug 26548

Summary: LEB decoding error
Product: binutils
Reporter: laurent.stacul
Component: binutils
Assignee: Nick Clifton <nickc>
Status: RESOLVED FIXED
Severity: normal
CC: nickc, pinskia, romain.geissler
Priority: P2
Version: 2.34
Target Milestone: ---
See Also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104238
Host:
Target:
Build:
Last reconfirmed: 2020-08-28 00:00:00

Description laurent.stacul 2020-08-28 12:56:14 UTC
Let's consider the following program:

#include <limits>
#include <iostream>

int main(int argc, const char *argv[])
{
    std::cout << std::numeric_limits<long>::min() <<std::endl;
    return 0;
}

This program works as expected.

If I compile it with the debug symbols (g++ -g), and try to retrieve the debug info with readelf:

> readelf --debug-dump=info a.out

I have the following behaviour:
- version <= 2.33: no error
- version == 2.34: Error: LEB value too large
- version == 2.35:  Error: /workdir/src/binutils-2.35.0/binutils/dwarf.c:2231: read LEB value is too large to store in destination variable

It fails when decoding the DW_TAG_variable describing '_ZN9__gnu_cxx24__numeric_traits_integerIlE5__minE'.


Laurent

System information:

OS: Ubuntu 20.04 LTS
g++: (Ubuntu 9.3.0-10ubuntu2) 9.3.0
GNU readelf (GNU Binutils for Ubuntu) 2.34

(I also reproduce the described problem with other combinations of the binutils (up to 2.35) and gcc (up to 11 experimental)).
Comment 1 Sourceware Commits 2020-08-28 15:05:55 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08d7da7dc9e130cbaf072c2588e1b392c2d7503e

commit 08d7da7dc9e130cbaf072c2588e1b392c2d7503e
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Aug 28 16:04:49 2020 +0100

    Fix a bogus error message from the DWARF LEB128 decoder when trying to read a signed LEB128 value containing the largest possible signed negative integer value.
    
            PR 26548
            * dwarf.c (read_leb128): When checking for overflow of a signed
            read, use a signed shift.
Comment 2 Nick Clifton 2020-08-28 15:06:40 UTC
Hi Laurent,

  Thanks for reporting this problem.  I have checked in a small patch
  which I believe will resolve the problem.

Cheers
  Nick
Comment 3 laurent.stacul 2020-08-28 17:00:05 UTC
(In reply to Nick Clifton from comment #2)
> Hi Laurent,
> 
>   Thanks for reporting this problem.  I have checked in a small patch
>   which I believe will resolve the problem.
> 
> Cheers
>   Nick

Thanks very much for such a rapid patch!
Regards,
Laurent
Comment 4 Romain Geissler 2020-08-31 08:50:14 UTC
Hi Nick,

Thanks for this patch. Do you think we should also backport it in the release branch 2.35?

Cheers,
Romain
Comment 5 Sourceware Commits 2020-09-03 14:53:44 UTC
The binutils-2_35-branch branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1f1ded87c9250deb986067eac6d53663f3f69e09

commit 1f1ded87c9250deb986067eac6d53663f3f69e09
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Sep 3 15:52:53 2020 +0100

    Import a patch from mainline to fix a spurious overflow error when decoding negative LEB128 values.
    
            PR 26548
            * dwarf.c (read_leb128): When checking for overflow of a signed
            read, use a signed shift.
Comment 6 Nick Clifton 2020-09-03 14:54:18 UTC
(In reply to Romain Geissler from comment #4) 
> Thanks for this patch. Do you think we should also backport it in the
> release branch 2.35?

Yup.  Done.  :-)