From patchwork Tue Oct 10 11:46:16 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 77384
Date: Tue, 10 Oct 2023 22:16:16 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: asan: null dereference in read_and_display_attr_value

This fixes multiple places in read_and_display_attr_value dealing with range and location lists that can segfault when debug_info_p is NULL. Fuzzed object files can contain arbitrary DW_FORMs.

	* dwarf.c (read_and_display_attr_value): Don't dereference NULL debug_info_p.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 7a350cae50b..646f280bdeb 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2704,7 +2704,9 @@ read_and_display_attr_value (unsigned long attribute, if (form == DW_FORM_loclistx) { - if (dwo) + if (debug_info_p == NULL ) + idx = (uint64_t) -1; + else if (dwo) { idx = fetch_indexed_offset (uvalue, loclists_dwo, debug_info_p->loclists_base, @@ -2712,7 +2714,7 @@ read_and_display_attr_value (unsigned long attribute, if (idx != (uint64_t) -1) idx += (offset_size == 8) ? 20 : 12; } - else if (debug_info_p == NULL || dwarf_version > 4) + else if (dwarf_version > 4) { idx = fetch_indexed_offset (uvalue, loclists, debug_info_p->loclists_base, 
@@ -2737,21 +2739,12 @@ read_and_display_attr_value (unsigned long attribute, } else if (form == DW_FORM_rnglistx) { - if (dwo) - { - idx = fetch_indexed_offset (uvalue, rnglists, - debug_info_p->rnglists_base, - debug_info_p->offset_size); - } + if (debug_info_p == NULL) + idx = (uint64_t) -1; else - { - if (debug_info_p == NULL) - base = 0; - else - base = debug_info_p->rnglists_base; - idx = fetch_indexed_offset (uvalue, rnglists, base, - debug_info_p->offset_size); - } + idx = fetch_indexed_offset (uvalue, rnglists, + debug_info_p->rnglists_base, + debug_info_p->offset_size); } else {
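Review bot: stray space before the closing parenthesis in the new `+ if (debug_info_p == NULL )` line of the first hunk; GNU style is `if (debug_info_p == NULL)`. Otherwise the reordering is right: the old `else if (debug_info_p == NULL || dwarf_version > 4)` branch dereferences `debug_info_p->loclists_base` unconditionally, so testing for NULL ahead of both the `dwo` and `dwarf_version > 4` branches and falling back to the `(uint64_t) -1` sentinel that the existing `if (idx != (uint64_t) -1)` check already handles is the minimal fix.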
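Review bot: the surviving `else if (dwarf_version > 4)` branch in the second hunk still reads `debug_info_p->loclists_base` and is now only safe because of the NULL test added in the hunk above; a one-line comment on that branch saying `debug_info_p` is known non-NULL here would stop a later reordering of the tests from reintroducing the crash.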
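Review bot: the third hunk drops the `dwo`/non-`dwo` split for DW_FORM_rnglistx, which is fine since both removed branches ended up calling `fetch_indexed_offset (uvalue, rnglists, debug_info_p->rnglists_base, debug_info_p->offset_size)`, and the non-`dwo` one still read `debug_info_p->offset_size` after setting `base = 0` for a NULL `debug_info_p`, which was the crash. The removed `base` assignments are the only use of `base` visible in the patch; if the local is not referenced elsewhere in the function, its declaration should go too to avoid an unused-variable warning. Returning `(uint64_t) -1` for a NULL `debug_info_p` also matches the loclistx path rather than the old attempt to carry on with `base = 0`.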