diff mbox series

asan: null dereference in read_and_display_attr_value

Message ID	ZSU5iBVni+Uru3bZ@squeak.grove.modra.org
State	New
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D8AF73858D35 Date: Tue, 10 Oct 2023 22:16:16 +1030 From: Alan Modra <amodra@gmail.com> To: binutils@sourceware.org Subject: asan: null dereference in read_and_display_attr_value Message-ID: <ZSU5iBVni+Uru3bZ@squeak.grove.modra.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: list Errors-To: binutils-bounces+patchwork=sourceware.org@sourceware.org
Series	asan: null dereference in read_and_display_attr_value \| asan: null dereference in read_and_display_attr_value

Checks

Context	Check	Description
linaro-tcwg-bot/tcwg_binutils_build--master-arm	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_build--master-aarch64	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_check--master-aarch64	warning	Patch is already merged
linaro-tcwg-bot/tcwg_binutils_check--master-arm	warning	Patch is already merged

Commit Message

Alan Modra Oct. 10, 2023, 11:46 a.m. UTC

  This fixes multiple places in read_and_display_attr_value dealing with
range and location lists that can segfault when debug_info_p is NULL.
Fuzzed object files can contain arbitrary DW_FORMs.

	* dwarf.c (read_and_display_attr_value): Don't dereference NULL
	debug_info_p.

diff mbox series

Patch

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 7a350cae50b..646f280bdeb 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2704,7 +2704,9 @@  read_and_display_attr_value (unsigned long attribute,
 
 	  if (form == DW_FORM_loclistx)
 	    {
-	      if (dwo)
+	      if (debug_info_p == NULL )
+		idx = (uint64_t) -1;
+	      else if (dwo)
 		{
 		  idx = fetch_indexed_offset (uvalue, loclists_dwo,
 					      debug_info_p->loclists_base,
@@ -2712,7 +2714,7 @@  read_and_display_attr_value (unsigned long attribute,
 		  if (idx != (uint64_t) -1)
 		    idx += (offset_size == 8) ? 20 : 12;
 		}
-	      else if (debug_info_p == NULL || dwarf_version > 4)
+	      else if (dwarf_version > 4)
 		{
 		  idx = fetch_indexed_offset (uvalue, loclists,
 					      debug_info_p->loclists_base,
@@ -2737,21 +2739,12 @@  read_and_display_attr_value (unsigned long attribute,
 	    }
 	  else if (form == DW_FORM_rnglistx)
 	    {
-	      if (dwo)
-		{
-		  idx = fetch_indexed_offset (uvalue, rnglists,
-					      debug_info_p->rnglists_base,
-					      debug_info_p->offset_size);
-		}
+	      if (debug_info_p == NULL)
+		idx = (uint64_t) -1;
 	      else
-		{
-		  if (debug_info_p == NULL)
-		    base = 0;
-		  else
-		    base = debug_info_p->rnglists_base;
-		  idx = fetch_indexed_offset (uvalue, rnglists, base,
-					      debug_info_p->offset_size);
-		}
+		idx = fetch_indexed_offset (uvalue, rnglists,
+					    debug_info_p->rnglists_base,
+					    debug_info_p->offset_size);
 	    }
 	  else
 	    {