From patchwork Sun Nov 30 03:31:09 2025
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 125614
Date: Sun, 30 Nov 2025 14:01:09 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR 33637, abort in byte_get

When DWARF5 support was added to binutils in commit 77145576fadc, the loop over CUs in process_debug_info set do_types when finding a DW_UT_type unit, in order to process the signature and type offset entries. Unfortunately that broke debug_information/debug_info_p handling, which previously was allocated and initialised for each unit in .debug_info. debug_info_p was NULL when processing a DWARF4 .debug_types section. After the 77145576fadc change it was possible for debug_info_p to be non-NULL but point to zeroed data, in particular a zeroed offset_size. A zero for offset_size led to the byte_get_little_endian abort triggered by the fuzzer testcase.

I haven't investigated whether there is any need for a valid offset_size when processing a non-fuzzed DWARF4 .debug_types section. Presumably we'd have found that out in the last 6 years if that was the case. We don't want to change debug_information[] for .debug_types!

	PR 33637
	* dwarf.c (process_debug_info): Don't change DO_TYPES flag bit
	depending on cu_unit_type.  Instead test cu_unit_type along with
	DO_TYPES to handle signature and type_offset for a type unit.
	Move find_cu_tu_set_v2 call a little later.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c index e10e33095db..2659f25e179 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -3891,8 +3891,6 @@ process_debug_info (struct dwarf_section * section, SAFE_BYTE_GET_AND_INC (compunit.cu_version, hdrptr, 2, end_cu); - this_set = find_cu_tu_set_v2 (cu_offset, (do_flags & DO_TYPES)); - if (compunit.cu_version < 5) { compunit.cu_unit_type = DW_UT_compile; @@ -3902,11 +3900,6 @@ process_debug_info (struct dwarf_section * section, else { SAFE_BYTE_GET_AND_INC (compunit.cu_unit_type, hdrptr, 1, end_cu); - if (compunit.cu_unit_type == DW_UT_type) - do_flags |= DO_TYPES; - else - do_flags &= ~DO_TYPES; - SAFE_BYTE_GET_AND_INC (compunit.cu_pointer_size, hdrptr, 1, end_cu); } @@ -3920,6 +3913,7 @@ process_debug_info (struct dwarf_section * section, SAFE_BYTE_GET_AND_INC (dwo_id, hdrptr, 8, end_cu); } + this_set = find_cu_tu_set_v2 (cu_offset, (do_flags & DO_TYPES)); if (this_set == NULL) { abbrev_base = 0; @@ -3976,8 +3970,6 @@ process_debug_info (struct dwarf_section * section, SAFE_BYTE_GET_AND_INC (compunit.cu_version, hdrptr, 2, end_cu); - this_set = find_cu_tu_set_v2 (cu_offset, (do_flags & DO_TYPES)); - if (compunit.cu_version < 5) { compunit.cu_unit_type = DW_UT_compile; @@ -3987,16 +3979,12 @@ process_debug_info (struct dwarf_section * section, else { SAFE_BYTE_GET_AND_INC (compunit.cu_unit_type, hdrptr, 1, end_cu); - if (compunit.cu_unit_type == DW_UT_type) - do_flags |= DO_TYPES; - else - do_flags &= ~DO_TYPES; - SAFE_BYTE_GET_AND_INC (compunit.cu_pointer_size, hdrptr, 1, end_cu); } SAFE_BYTE_GET_AND_INC (compunit.cu_abbrev_offset, hdrptr, offset_size, end_cu); + this_set = find_cu_tu_set_v2 (cu_offset, (do_flags & DO_TYPES)); if (this_set == NULL) { abbrev_base = 0; 
@@ -4028,7 +4016,7 @@ process_debug_info (struct dwarf_section * section, compunit.cu_pointer_size = offset_size; } - if (do_flags & DO_TYPES) + if ((do_flags & DO_TYPES) || compunit.cu_unit_type == DW_UT_type) { SAFE_BYTE_GET_AND_INC (signature, hdrptr, 8, end_cu); SAFE_BYTE_GET_AND_INC (type_offset, hdrptr, offset_size, end_cu); @@ -4044,7 +4032,7 @@ process_debug_info (struct dwarf_section * section, || do_debug_ranges || do_debug_info) && num_debug_info_entries == 0 && alloc_num_debug_info_entries > unit - && ! (do_flags & DO_TYPES)) + && !(do_flags & DO_TYPES)) { free_debug_information (&debug_information[unit]); memset (&debug_information[unit], 0, sizeof (*debug_information)); @@ -4075,7 +4063,7 @@ process_debug_info (struct dwarf_section * section, printf (_(" Abbrev Offset: %#" PRIx64 "\n"), compunit.cu_abbrev_offset); printf (_(" Pointer Size: %d\n"), compunit.cu_pointer_size); - if (do_flags & DO_TYPES) + if ((do_flags & DO_TYPES) || compunit.cu_unit_type == DW_UT_type) { printf (_(" Signature: %#" PRIx64 "\n"), signature); printf (_(" Type Offset: %#" PRIx64 "\n"), type_offset); @@ -4350,7 +4338,7 @@ process_debug_info (struct dwarf_section * section, we need to process .debug_loc and .debug_ranges sections. */ if (((do_flags & DO_LOC) || do_debug_loc || do_debug_ranges || do_debug_info) && num_debug_info_entries == 0 - && ! (do_flags & DO_TYPES)) + && !(do_flags & DO_TYPES)) { if (num_units > alloc_num_debug_info_entries) num_debug_info_entries = alloc_num_debug_info_entries;
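Review bot: Once the `do_flags |= DO_TYPES` / `do_flags &= ~DO_TYPES` toggling is removed in the -3902 and -3987 hunks, `do_flags & DO_TYPES` has the same value at the new `this_set = find_cu_tu_set_v2 (cu_offset, (do_flags & DO_TYPES));` site (+3913 and +3979 hunks) as it had at the old site before the version check, so relocating the call is behaviour-preserving. The ChangeLog line "Move find_cu_tu_set_v2 call a little later" would read better with the reason stated (for example, keeping the lookup next to its first use at `if (this_set == NULL)`), so a reader does not hunt for a functional difference.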
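Review bot: The compound condition `(do_flags & DO_TYPES) || compunit.cu_unit_type == DW_UT_type` is written out twice, once where signature and type_offset are read (-4028 hunk) and once where they are printed (-4075 hunk). Hoisting it into one local such as `bool is_type_unit` computed right after cu_unit_type is known would keep the two sites in lockstep, and a short comment there would make explicit that the DO_TYPES half is what still covers DWARF4 .debug_types, where the `cu_version < 5` path forces `compunit.cu_unit_type = DW_UT_compile;`.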
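Review bot: The only change in the -4044 and -4350 hunks is whitespace, `! (do_flags & DO_TYPES)` becoming `!(do_flags & DO_TYPES)`, which is unrelated to the fix and not mentioned in the ChangeLog entry. Either drop it to keep the diff focused on the PR, or add a "Whitespace." line to the entry so the change is accounted for.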
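The zeroed offset_size described in the message reaches byte_get as a read size it cannot handle. As an added illustration, not binutils code and not part of this patch, here is a stand-alone unit-header reader in the spirit of process_debug_info: its byte fetch refuses a zero or oversized size and reports failure instead of aborting, and it decides whether a unit carries a signature and type_offset from either the section kind (a DWARF4 .debug_types section) or the DWARF5 unit_type, mirroring the two-sided test the patch introduces. The names get_le, parse_unit_header, unit_hdr and the sample bytes are assumptions of this example; the DW_UT_* values are the DWARF5 constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Added example, not binutils code: a unit-header reader whose byte fetch
   rejects a zero or oversized read size instead of aborting like byte_get. */
enum { DW_UT_compile = 0x01, DW_UT_type = 0x02 };  /* DWARF5 unit_type codes */

struct unit_hdr {
  uint64_t length, abbrev_off, signature, type_off;
  unsigned offset_size; uint16_t version; uint8_t unit_type, addr_size;
};

/* Little-endian fetch of SIZE bytes at *P, bounds-checked against END; returns 0
   (where byte_get would abort) on a bad size or truncated input, else advances *P. */
static int get_le (const uint8_t **p, const uint8_t *end, unsigned size, uint64_t *out)
{
  if (size == 0 || size > 8 || (size_t) (end - *p) < size)
    return 0;
  *out = 0;
  for (unsigned i = 0; i < size; i++)
    *out |= (uint64_t) (*p)[i] << (8 * i);
  *p += size;
  return 1;
}
#define GET(size, dst) do { uint64_t v_; if (!get_le (&p, end, (size), &v_)) return 0; (dst) = v_; } while (0)

/* Parse one unit header.  IN_DEBUG_TYPES marks a DWARF4 .debug_types section,
   whose units are type units even though their version is below 5. */
int parse_unit_header (const uint8_t *buf, size_t len, int in_debug_types, struct unit_hdr *h)
{
  const uint8_t *p = buf, *end = buf + len;
  memset (h, 0, sizeof *h);
  h->offset_size = 4;
  GET (4, h->length);
  if (h->length == 0xffffffffu)              /* 64-bit DWARF escape */
    { h->offset_size = 8; GET (8, h->length); }
  GET (2, h->version);
  if (h->version >= 5)                       /* DWARF5: unit_type precedes addr_size */
    { GET (1, h->unit_type); GET (1, h->addr_size); GET (h->offset_size, h->abbrev_off); }
  else                                       /* DWARF2-4 have no unit_type field */
    { h->unit_type = in_debug_types ? DW_UT_type : DW_UT_compile;
      GET (h->offset_size, h->abbrev_off); GET (1, h->addr_size); }
  if (h->unit_type == DW_UT_type)            /* type units add signature + type_offset */
    { GET (8, h->signature); GET (h->offset_size, h->type_off); }
  return 1;
}

/* Constructed sample (not from a real object): 32-bit DWARF5 type unit header. */
const uint8_t sample_v5_tu[] = {
  0x1d, 0, 0, 0,  5, 0,  DW_UT_type,  8,  0x10, 0, 0, 0,
  0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01,  0x17, 0, 0, 0 };
```

Feeding the same bytes with a length of 20 makes the type_offset read fail cleanly, which is the situation a fuzzed header would otherwise turn into an abort.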