asan: null dereference in read_and_display_attr_value

This fixes multiple places in read_and_display_attr_value dealing with range and location lists that can segfault when debug_info_p is NULL. Fuzzed object files can contain arbitrary DW_FORMs. * dwarf.c (read_and_display_attr_value): Don't dereference NULL debug_info_p.
2025-01-06 12:09:26 +08:00 · 2023-10-10 18:18:07 +10:30 · 2023-10-10 18:18:07 +10:30 · f22f27f46c
commit f22f27f46c
parent 322b071c45
1 changed files with 9 additions and 16 deletions
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@ -2770,7 +2770,9 @@ read_and_display_attr_value (unsigned long attribute,

 	  if (form == DW_FORM_loclistx)
 	    {
-	      if (dwo)
+	      if (debug_info_p == NULL )
+		idx = (uint64_t) -1;
+	      else if (dwo)
 		{
 		  idx = fetch_indexed_offset (uvalue, loclists_dwo,
 					      debug_info_p->loclists_base,
@ -2778,7 +2780,7 @@ read_and_display_attr_value (unsigned long attribute,
 		  if (idx != (uint64_t) -1)
 		    idx += (offset_size == 8) ? 20 : 12;
 		}
-	      else if (debug_info_p == NULL || dwarf_version > 4)
+	      else if (dwarf_version > 4)
 		{
 		  idx = fetch_indexed_offset (uvalue, loclists,
 					      debug_info_p->loclists_base,
@ -2803,21 +2805,12 @@ read_and_display_attr_value (unsigned long attribute,
 	    }
 	  else if (form == DW_FORM_rnglistx)
 	    {
-	      if (dwo)
-		{
-		  idx = fetch_indexed_offset (uvalue, rnglists,
-					      debug_info_p->rnglists_base,
-					      debug_info_p->offset_size);
-		}
+	      if (debug_info_p == NULL)
+		idx = (uint64_t) -1;
 	      else
-		{
-		  if (debug_info_p == NULL)
-		    base = 0;
-		  else
-		    base = debug_info_p->rnglists_base;
-		  idx = fetch_indexed_offset (uvalue, rnglists, base,
-					      debug_info_p->offset_size);
-		}
+		idx = fetch_indexed_offset (uvalue, rnglists,
+					    debug_info_p->rnglists_base,
+					    debug_info_p->offset_size);
 	    }
 	  else
 	    {