Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall&rev=3
Fuzzers have found a weakness in the code stashing pool section
entries. With random nonsensical values in the index entries (rather
than each index pointing to its own set distinct from other sets),
it's possible to overflow the space allocated, losing the NULL
terminator. Without a terminator, find_section_in_set can run off the
end of the shndx_pool buffer. Fix this by scanning the pool directly.
binutils/
* dwarf.c (add_shndx_to_cu_tu_entry): Delete range check.
(end_cu_tu_entry): Likewise.
(process_cu_tu_index): Fill shndx_pool by directly scanning
pool, rather than indirectly from index entries.
2022-08-16 Alan Modra <amodra@gmail.com>
Cunlong Li <shenxiaogll@163.com>
PR 29362
* dwarf.c (free_debug_information): New function, extracted..
(free_debug_memory): ..from here.
(process_debug_info): Use it when before clearing out unit
debug_information. Clear all fields.
* objcopy.c (delete_symbol_htabs): New function.
(main): Call it via xatexit.
(copy_archive): Free "dir".
* objdump.c (free_debug_section): Free reloc_info.
This changes readelf output a little, removing the 0x prefix on hex
output when the value is 0, except in cases where a fixed field
width is shown. %#010x is not a good replacement for 0x%08x.
This replaces dwarf_vma, dwarf_size_type and dwarf_signed_vma with
uint64_t and int64_t everywhere. The patch also gets rid of
DWARF_VMA_FMT since we can't use that with uint64_t, and all of the
configure support for deciding the flavour of HOST_WIDEST_INT.
dwarf_vmatoa also disappears, replacing most uses with one of
PRIx64, PRId64 or PRIu64. Printing of size_t and ptrdiff_t values
now use %z and %t rather than by casting to unsigned long. Also,
most warning messages that used 0x%lx or similar now use %#lx and a
few that didn't print the 0x hex prefix now also use %#. The patch
doesn't change normal readelf output, except in odd cases where values
previously might have been truncated.
Replacing bfd_size_type with dwarf_size_type or uint64_t is mostly
cosmetic. The point of the change is to avoid use of a BFD type
in readelf, where we'd like to keep as independent of BFD as
possible. Also, the patch is a step towards using standard types.
Fixes a segfault found by the fuzzers.
* dwarf.c (fetch_indexed_value): Return -1 on error.
(read_and_display_attr_value): Don't display string when
fetch_indexed_value returns an error. Sanity check loc_offsets
index.
Commit 244e19c791 changed a number of variables in display_gdb_index
to count entries rather than words.
PR 29337
* dwarf.c (display_gdb_index): Correct use of cu_list_elements.
The PR29370 testcase is a fuzzed object file with multiple
.trace_abbrev sections. Multiple .trace_abbrev or .debug_abbrev
sections are not a violation of the DWARF standard. The DWARF5
standard even gives an example of multiple .debug_abbrev sections
contained in groups. Caching and lookup of processed abbrevs thus
needs to be done by section and offset rather than base and offset.
(Why base anyway?) Or, since section contents are kept, by a pointer
into the contents.
PR 29370
* dwarf.c (struct abbrev_list): Replace abbrev_base and
abbrev_offset with raw field.
(find_abbrev_list_by_abbrev_offset): Delete.
(find_abbrev_list_by_raw_abbrev): New function.
(process_abbrev_set): Set list->raw and list->next.
(find_and_process_abbrev_set): Replace abbrev list lookup with
new function. Don't set list abbrev_base, abbrev_offset or next.
I'm inclined to think that abbrev caching is counter-productive. The
time taken to search the list of abbrevs converted to internal form is
non-zero, and it's easy to decode the raw abbrevs. It's especially
silly to cache empty lists of decoded abbrevs (happens with zero
padding in .debug_abbrev), or abbrevs as they are displayed when there
is no further use of those abbrevs. This patch stops caching in those
cases.
* dwarf.c (record_abbrev_list_for_cu): Add free_list param.
Put abbrevs on abbrev_lists here.
(new_abbrev_list): Delete function.
(process_abbrev_set): Return newly allocated list. Move
abbrev base, offset and size checking to..
(find_and_process_abbrev_set): ..here, new function. Handle
lookup of cached abbrevs here, and calculate start and end
for process_abbrev_set. Return free_list if newly alloc'd.
(process_debug_info): Consolidate cached list lookup, new list
alloc and processing into find_and_process_abbrev_set call.
Free list when not cached.
(display_debug_abbrev): Similarly.
* dwarf.c: Leading and trailing whitespace fixes.
(free_abbrev_list): New function.
(free_all_abbrevs): Use the above. Free cu_abbrev_map here too.
(process_abbrev_set): Print actual section name on error.
(get_type_abbrev_from_form): Add overflow check.
(free_debug_memory): Don't free cu_abbrev_map here..
(process_debug_info): ..or here. Warn on another case of not
finding a neeeded abbrev.
Adding support for location and range lists for split-dwarf and dwarf-5.
Following issues are taken care.
1. Display of the index values for DW_FORM_loclistx and DW_FORM_rnglistx.
2. Display of .debug_loclists.dwo and .debug_rnglists.dwo sections.
* dwarf.c(read_and_display_attr_value): Handle DW_FORM_loclistx
and DW_FORM_rnglistx for .dwo files.
(process_debug_info): Load .debug_loclists.dwo and
.debug_rnglists.dwo if exists.
(load_separate_debug_files): Load .debug_loclists and
.debug_rnglists if exists.
Include 2 entries in debug_displays table.
* dwarf.h (enum dwarf_section_display_enum): Include 2 entries.
* dwarf.c(process_debug_info): Include DW_TAG_skeleton_unit.
(display_debug_str_offsets): While dumping .debug_str_offsets.dwo,
pass proper str_offsets_base to fetch_indexed_string().
(load_separate_debug_files): Skip DWO ID dump for dwarf-5.
* dwarf.c (dwarf_select_sections_by_name): If the entry's value is
zero then clear the corresponding variable.
(dwarf_select_sections_by_letters): Likewise.
* testsuite/binutils-all/debuginfo.exp: Expect -WE and -wE
debuginfod tests to fail.
PR 29267
* dwarf.c (display_debug_rnglists): New function, broken out of..
(display_debug_ranges): ... here.
(read_and_display_attr_value): Correct calculation of index
displayed for DW_FORM_loclistx and DW_FORM_rnglistx.
* testsuite/binutils-all/x86-64/pr26808.dump: Update expected
output.
* dwarf.c (fetch_indexed_string): Do not use length of first table
in string section as the length of every table in the section.
* testsuite/binutils-all/pr26112.r: Update expected output.
For clang compiled objects with dwarf-5, location list offset address dump
under DW_AT_location is corrected, where DW_FORM_loclistx is used. While
dumping the location list offset, the address dumped is wrong where it was
refering to .debug_addr instead of .debug_loclists
* dwarf.c (fetch_indexed_value): Add base_address as parameter and
use it to access the section offset.
(read_and_display_attr_value): Handle DW_FORM_loclistx form separately.
Pass loclists_base to fetch_indexed_value().
* dwarf.c (fetch_indexed_string): Added new parameter
str_offsets_base to calculate the string offset.
(read_and_display_attr_value): Read DW_AT_str_offsets_base
attribute.
(process_debug_info): While allocating memory and initializing
debug_information, do it for do_debug_info also, if its true.
(load_separate_debug_files): Load .debug_str_offsets if exists.
* dwarf.h (struct debug_info): Add str_offsets_base field.
* dwarf.h (struct debug_info): Add rnglists_base field.
* dwarf.c (read_and_display_attr_value): Read attribute DW_AT_rnglists_base.
(display_debug_rnglists_list): While handling DW_RLE_base_addressx,
DW_RLE_startx_endx, DW_RLE_startx_length items, pass the proper parameter
value to fetch_indexed_addr(), i.e. fetch the proper entry in .debug_addr section.
(display_debug_ranges): Add rnglists_base to the .debug_rnglists base address.
(load_separate_debug_files): Load .debug_addr section, if exists.
PR 29250
binutils/
* dwarf.c (display_debug_frames): Set col_type[reg] on sizing
pass over FDE to cie->col_type[reg] if CIE specifies reg.
Handle DW_CFA_restore and DW_CFA_restore_extended on second
pass using the same logic. Remove unnecessary casts. Don't
call frame_need_space on second pass over FDE.
gas/
* testsuite/gas/i386/ehinterp.d,
* testsuite/gas/i386/ehinterp.s: New test.
* testsuite/gas/i386/i386.exp: Run it.
The fix here is to pass "section" down to read_and_display_attr_value.
The test in read_and_display_attr_value is a little bit of hardening.
PR 29171
* dwarf.c (display_debug_macro, display_debug_names): Pass section
to read_and_display_attr_value2.
(read_and_display_attr_value): Don't attempt to check for .dwo
section name when section is NULL.
* dwarf.c (dwarf_select_sections_by_names): Return zero if no
sections were selected.
(dwarf_select_sections_by_letters): Likewise.
* dwarf.h: (dwarf_select_sections_by_names): Update prototype.
(dwarf_select_sections_by_letters): Update prototype.
* objdump.c (might_need_separate_debug_info): New function.
(dump_bfd): Call new function before attempting to load separate
debug info files.
(main): Do not enable dwarf section dumping for -WK or -WN.
* readelf.c (parse_args): Do not enable dwarf section dumping for
-wK or -wN.
(might_need_separate_debug_info): New function.
(process_object): Call new function before attempting to load
separate debug info files.
* testsuite/binutils-all/debuginfo.exp: Expect -WE and -wE
debuginfod tests to pass.
* testsuite/binutils-all/objdump.Wk: Add extra regexps.
* testsuite/binutils-all/readelf.k: Add extra regexps.
As before, on sufficiently old glibc this conflicts with a global
identifier in the library headers. While there also zap the unusual
padding by blanks.
PR 28981
* dwarf.c (fetch_indexed_value): Rename to fecth_indexed_addr and
return the address, rather than a string.
(fetch_indexed_value): New function - returns a value indexed by a
DW_FORM_loclistx or DW_FORM_rnglistx form.
(read_and_display_attr_value): Add support for DW_FORM_loclistx
and DW_FORM_rnglistx.
(process_debug_info): Load the loclists and rnglists sections.
(display_loclists_list): Add support for DW_LLE_base_addressx,
DW_LLE_startx_endx, DW_LLE_startx_length and
DW_LLE_default_location.
(display_offset_entry_loclists): New function. Displays a
.debug_loclists section that contains offset entry tables.
(display_debug_loc): Call the new function.
(display_debug_rnglists_list): Add support for
DW_RLE_base_addressx, DW_RLE_startx_endx and DW_RLE_startx_length.
(display_debug_ranges): Display the contents of the section's
header.
* dwarf.h (struct debug_info): Add loclists_base field.
* testsuite/binutils-all/dw5.W: Update expected output.
* testsuite/binutils-all/x86-64/pr26808.dump: Likewise.
* dwarf.c (use_debuginfod): New variable. Set to 1.
(load_separate_debug_info): Only call
debuginfod_fetch_separate_debug_info is use_debuginfod is true.
(dwarf_select_sections_by_names): Add do-not-use-debuginfod and
use-debuginfod options.
(dwarf_select_sections_by_letters): Add D and E options.
* dwarf.h (use_debuginfod): New extern.
* objdump.c (usage): Mention the new options.
* readelf.c (usage): Likewise.
* doc/binutils.texi: Document the new options.
* doc/debug-options.texi: Describe the new options.
* NEWS: Mention the new feature.
* testsuite/binutils-all/debuginfod.exp: Add tests of the new
options.
As pre-approved by Alan in
https://sourceware.org/pipermail/binutils/2021-September/118019.html
and I believe people have run into getting testsuite failures for
test-environments with "long" directory names, at least once more
since that time. Enough. I grepped the gas, binutils and ld
testsuites for "CU:" to catch target-specific occurrences, but I
noticed none. I chose to remove "CU:" on the objdump tests instead of
changing options to get the wide format, so as to keep the name of the
test consistent with actual options; but added it to the readelf
options for the gas test as I believe the "CU:" format is preferable.
Tested for cris-elf and native x86_64-pc-linux-gnu.
binutils:
* dwarf.c (display_debug_lines_decoded): Don't check the
string length of the directory, instead emit the "CU: dir/name"
format only if wide output is requested.
* testsuite/binutils-all/dw5.W, testsuite/binutils-all/objdump.WL:
Adjust accordingly.
gas:
* testsuite/gas/elf/dwarf-5-loc0.d: Add -W to readelf options.
The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.
dwarf.c:11300:3: error: format not a string literal and no format arguments [-Werror=format-security]
11300 | f += sprintf (f, prefix);
PR 28697
* dwarf.c (try_build_id_prefix): Avoid -Wformat-security error.
On Fedora 35,
$ readelf -d /usr/bin/npc
caused readelf to run out of stack since load_separate_debug_info
returned the input main file as the separate debug info:
(gdb) bt
#0 load_separate_debug_info (
main_filename=main_filename@entry=0x510f50 "/export/home/hjl/.cache/debuginfod_client/dcc33c51c49e7dafc178fdb5cf8bd8946f965295/debuginfo",
xlink=xlink@entry=0x4e5180 <debug_displays+4480>,
parse_func=parse_func@entry=0x431550 <parse_gnu_debuglink>,
check_func=check_func@entry=0x432ae0 <check_gnu_debuglink>,
func_data=func_data@entry=0x7fffffffdb60, file=file@entry=0x51d430)
at /export/gnu/import/git/sources/binutils-gdb/binutils/dwarf.c:11057
#1 0x000000000043328d in check_for_and_load_links (file=0x51d430,
filename=0x510f50 "/export/home/hjl/.cache/debuginfod_client/dcc33c51c49e7dafc178fdb5cf8bd8946f965295/debuginfo")
at /export/gnu/import/git/sources/binutils-gdb/binutils/dwarf.c:11381
#2 0x00000000004332ae in check_for_and_load_links (file=0x51b070,
filename=0x518dd0 "/export/home/hjl/.cache/debuginfod_client/dcc33c51c49e7dafc178fdb5cf8bd8946f965295/debuginfo")
Return NULL if the separate debug info is the same as the input main
file to avoid infinite recursion.
PR binutils/28679
* dwarf.c (load_separate_debug_info): Don't return the input
main file.
* dwarf.c (find_debug_info_for_offset): Use dwarf_vma type for
offsets, sizes and ranges.
(display_loc_list): Likewise. Also use print_dwarf_vma to print
the offset.
(display_loclists_list): Likewise.
(display_loc_list_dwo): Likewise.
(display_debug_str): Likewise.
(display_debug_aranges): Likewise.
(display_debug_ranges_list): Likewise.
(display_debug_rnglists_list): Likewise.
(display_debug_ranges): Likewise.
This little tweak terminates fuzzed binary readelf output a little
quicker.
PR 28543
* dwarf.c (read_and_display_attr_value): Consume a byte when
form is unrecognized.
Calculating "0 - pointer" can indeed result in seeming randomness as
the pointer address varies.
PR 28541
* dwarf.c (display_debug_frames): Don't print cie offset when
invalid, print "invalid" instead. Remove now redundant warning.
