mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2024-12-21 04:42:53 +08:00
84f5c557a4
The last section in a CTF dict is the string table, at an offset represented by the cth_stroff header field. Its length is recorded in the next field, cth_strlen, and the two added together are taken as the size of the CTF dict. Upon opening a dict, we check that none of the header offsets exceed this size, and we check when uncompressing a compressed dict that the result of the uncompression is the same length: but CTF dicts need not be compressed, and short ones are not. Uncompressed dicts just use the ctf_size without checking it. This field is thankfully almost unused: it is mostly used when reserializing a dict, which can't be done to dicts read off disk since they're read-only. However, when opening an uncompressed foreign-endian dict we have to copy it out of the mmaped region it is stored in so we can endian- swap it, and we use ctf_size when doing that. When the cth_strlen is corrupt, this can overrun. Fix this by checking the ctf_size in all uncompressed cases, just as we already do in the compressed case. Add a new test. This came to light because various corrupted-CTF raw-asm tests had an incorrect cth_strlen: fix all of them so they produce the expected error again. libctf/ PR libctf/28933 * ctf-open.c (ctf_bufopen_internal): Always check uncompressed CTF dict sizes against the section size in case the cth_strlen is corrupt. ld/ PR libctf/28933 * testsuite/ld-ctf/diag-strlen-invalid.*: New test, derived from diag-cttname-invalid.s. * testsuite/ld-ctf/diag-cttname-invalid.s: Fix incorrect cth_strlen. * testsuite/ld-ctf/diag-cttname-null.s: Likewise. * testsuite/ld-ctf/diag-cuname.s: Likewise. * testsuite/ld-ctf/diag-parlabel.s: Likewise. * testsuite/ld-ctf/diag-parname.s: Likewise. |
||
|---|---|---|
| .. | ||
| A-2.c | ||
| A.c | ||
| array-char.c | ||
| array-int.c | ||
| array.d | ||
| B-2.c | ||
| B.c | ||
| C-2.c | ||
| C.c | ||
| child-float.c | ||
| child-int.c | ||
| conflicting-cycle-1.B-1.d | ||
| conflicting-cycle-1.B-2.d | ||
| conflicting-cycle-1.parent.d | ||
| conflicting-cycle-2.A-1.d | ||
| conflicting-cycle-2.A-2.d | ||
| conflicting-cycle-2.parent.d | ||
| conflicting-cycle-3.C-1.d | ||
| conflicting-cycle-3.C-2.d | ||
| conflicting-cycle-3.parent.d | ||
| conflicting-enums.d | ||
| conflicting-typedefs.d | ||
| cross-tu-1.c | ||
| cross-tu-2.c | ||
| cross-tu-conflicting-2.c | ||
| cross-tu-cyclic-1.c | ||
| cross-tu-cyclic-2.c | ||
| cross-tu-cyclic-3.c | ||
| cross-tu-cyclic-4.c | ||
| cross-tu-cyclic-conflicting.d | ||
| cross-tu-cyclic-nonconflicting.d | ||
| cross-tu-into-cycle.d | ||
| cross-tu-noncyclic.d | ||
| ctf.exp | ||
| cycle-1.c | ||
| cycle-1.d | ||
| cycle-2.A.d | ||
| cycle-2.B.d | ||
| cycle-2.C.d | ||
| data-func-1.c | ||
| data-func-2.c | ||
| data-func-conflicted-vars.d | ||
| data-func-conflicted.d | ||
| diag-ctf-version-0.d | ||
| diag-ctf-version-0.s | ||
| diag-ctf-version-2-unsupported-feature.d | ||
| diag-ctf-version-2-unsupported-feature.s | ||
| diag-ctf-version-f.d | ||
| diag-ctf-version-f.s | ||
| diag-cttname-invalid.d | ||
| diag-cttname-invalid.s | ||
| diag-cttname-null.d | ||
| diag-cttname-null.s | ||
| diag-cuname.d | ||
| diag-cuname.s | ||
| diag-decompression-failure.d | ||
| diag-decompression-failure.s | ||
| diag-parlabel.d | ||
| diag-parlabel.s | ||
| diag-parname.d | ||
| diag-parname.s | ||
| diag-strlen-invalid.d | ||
| diag-strlen-invalid.s | ||
| diag-unsupported-flag.d | ||
| diag-unsupported-flag.s | ||
| diag-wrong-magic-number-mixed.d | ||
| diag-wrong-magic-number.d | ||
| diag-wrong-magic-number.s | ||
| enum-2.c | ||
| enum-forward.c | ||
| enum-forward.d | ||
| enum.c | ||
| enums.c | ||
| enums.d | ||
| forward.c | ||
| forward.d | ||
| function.c | ||
| function.d | ||
| nonrepresentable-1.c | ||
| nonrepresentable-2.c | ||
| nonrepresentable-member.c | ||
| nonrepresentable-member.d | ||
| nonrepresentable.d | ||
| slice.c | ||
| slice.d | ||
| super-sub-cycles.c | ||
| super-sub-cycles.d | ||
| typedef-int.c | ||
| typedef-long.c | ||
| union-1.c | ||