mirror of
https://sourceware.org/git/binutils-gdb.git
synced 2025-01-26 18:03:33 +08:00
Revert previous delta to debug.c. Replace with patch to reject indirect types that point to indirect types.
PR 28718 * dwarf.c: Revert previous delta. (debug_get_real_type): Reject indirect types that point to indirect types. (debug_get_type_name, debug_get_type_size, debug_write_type): Likewise.
This commit is contained in:
parent
aed44286ef
commit
0e9f1c04b9
@ -1,6 +1,14 @@
|
||||
2022-01-06 Nick Clifton <nickc@redhat.com>
|
||||
2022-01-07 Pavel Mayorov <pmayorov@cloudlinux.com>
|
||||
|
||||
PR 28718
|
||||
* dwarf.c: Revert previous delta.
|
||||
(debug_get_real_type): Reject indirect types that point to
|
||||
indirect types.
|
||||
(debug_get_type_name, debug_get_type_size, debug_write_type):
|
||||
Likewise.
|
||||
|
||||
2022-01-06 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
* debug.c (debug_write_type): Allow for malicious recursion via
|
||||
indirect debug types.
|
||||
|
||||
|
@ -2065,7 +2065,9 @@ debug_get_real_type (void *handle, debug_type type,
|
||||
/* The default case is just here to avoid warnings. */
|
||||
default:
|
||||
case DEBUG_KIND_INDIRECT:
|
||||
if (*type->u.kindirect->slot != NULL)
|
||||
/* A valid non-self-referencing indirect type. */
|
||||
if (*type->u.kindirect->slot != NULL
|
||||
&& *type->u.kindirect->slot != type)
|
||||
return debug_get_real_type (handle, *type->u.kindirect->slot, &rl);
|
||||
return type;
|
||||
case DEBUG_KIND_NAMED:
|
||||
@ -2095,7 +2097,9 @@ debug_get_type_name (void *handle, debug_type type)
|
||||
{
|
||||
if (type->kind == DEBUG_KIND_INDIRECT)
|
||||
{
|
||||
if (*type->u.kindirect->slot != NULL)
|
||||
/* A valid non-self-referencing indirect type. */
|
||||
if (*type->u.kindirect->slot != NULL
|
||||
&& *type->u.kindirect->slot != type)
|
||||
return debug_get_type_name (handle, *type->u.kindirect->slot);
|
||||
return type->u.kindirect->tag;
|
||||
}
|
||||
@ -2124,7 +2128,9 @@ debug_get_type_size (void *handle, debug_type type)
|
||||
default:
|
||||
return 0;
|
||||
case DEBUG_KIND_INDIRECT:
|
||||
if (*type->u.kindirect->slot != NULL)
|
||||
/* A valid non-self-referencing indirect type. */
|
||||
if (*type->u.kindirect->slot != NULL
|
||||
&& *type->u.kindirect->slot != type)
|
||||
return debug_get_type_size (handle, *type->u.kindirect->slot);
|
||||
return 0;
|
||||
case DEBUG_KIND_NAMED:
|
||||
@ -2484,22 +2490,11 @@ debug_write_type (struct debug_handle *info,
|
||||
debug_error (_("debug_write_type: illegal type encountered"));
|
||||
return false;
|
||||
case DEBUG_KIND_INDIRECT:
|
||||
/* PR 28718: Allow for malicious recursion. */
|
||||
{
|
||||
static int recursion_depth = 0;
|
||||
bool result;
|
||||
|
||||
if (recursion_depth > 256)
|
||||
{
|
||||
debug_error (_("debug_write_type: too many levels of nested indirection"));
|
||||
return false;
|
||||
}
|
||||
++ recursion_depth;
|
||||
result = debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
|
||||
name);
|
||||
-- recursion_depth;
|
||||
return result;
|
||||
}
|
||||
/* Prevent infinite recursion. */
|
||||
if (*type->u.kindirect->slot == type)
|
||||
return (*fns->empty_type) (fhandle);
|
||||
return debug_write_type (info, fns, fhandle, *type->u.kindirect->slot,
|
||||
name);
|
||||
case DEBUG_KIND_VOID:
|
||||
return (*fns->void_type) (fhandle);
|
||||
case DEBUG_KIND_INT:
|
||||
|
Loading…
Reference in New Issue
Block a user