d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a segfault in ctfmerge due to a bug in gcc.

Browse Source 
GCC can generate bogus dwarf attributes with DW_AT_byte_size
set to 0xFFFFFFFF.
The issue was originaly detected in NetBSD but it has been
adapted for portability and to avoid compiler warnings.

Reference:
https://www.illumos.org/issues/3776

Obtained from:	NetBSD
MFC after:	1 month
This commit is contained in:
Pedro F. Giffuni 2013-07-26 00:28:19 +00:00
parent f1bd660622
commit c7cdfecc89
4 changed files with 55 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
View File

@ -52,6 +52,8 @@ static char *curfile;
#define CTF_BUF_CHUNK_SIZE (64 * 1024)
#define RES_BUF_CHUNK_SIZE (64 * 1024)
static int ntypes=0; /* The number of types. */
struct ctf_buf {
strtab_t ctb_strtab; /* string table */
caddr_t ctb_base; /* pointer to base of buffer */
@ -1143,6 +1145,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
(*mpp)->ml_type = tdarr[ctm->ctm_type];
(*mpp)->ml_offset = ctm->ctm_offset;
(*mpp)->ml_size = 0;
if (ctm->ctm_type > ntypes) {
parseterminate("Invalid member type ctm_type=%d",
ctm->ctm_type);
}
}
} else {
for (i = 0, mpp = &tdp->t_members; i < vlen;
@ -1159,6 +1165,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
(*mpp)->ml_offset =
(int)CTF_LMEM_OFFSET(ctlm);
(*mpp)->ml_size = 0;
if (ctlm->ctlm_type > ntypes) {
parseterminate("Invalid lmember type ctlm_type=%d",
ctlm->ctlm_type);
}
}
}
@ -1272,9 +1282,10 @@ ctf_parse(ctf_header_t *h, caddr_t buf, symit_data_t *si, char *label)
{
tdata_t *td = tdata_new();
tdesc_t **tdarr;
int ntypes = count_types(h, buf);
int idx, i;
ntypes = count_types(h, buf);
/* shudder */
tdarr = xcalloc(sizeof (tdesc_t *) * (ntypes + 1));
tdarr[0] = NULL;

2
cddl/contrib/opensolaris/tools/ctf/cvt/ctftools.h
View File

@ -159,7 +159,7 @@ typedef struct ardef {
/* Auxiliary structure for structure/union tdesc_t */
typedef struct mlist {
int ml_offset; /* Offset from start of structure (in bits) */
int ml_size; /* Member size (in bits) */
uint_t ml_size; /* Member size (in bits) */
char *ml_name; /* Member name */
struct tdesc *ml_type; /* Member type */
struct mlist *ml_next; /* Next member */

42
cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c
View File

@ -674,6 +674,13 @@ die_array_create(dwarf_t *dw, Dwarf_Die arr, Dwarf_Off off, tdesc_t *tdp)
tdesc_t *dimtdp;
int flags;
/* Check for bogus gcc DW_AT_byte_size attribute */
if (uval == (unsigned)-1) {
printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
__func__);
uval = 0;
}
tdp->t_size = uval;
/*
@ -760,6 +767,12 @@ die_enum_create(dwarf_t *dw, Dwarf_Die die, Dwarf_Off off, tdesc_t *tdp)
tdp->t_type = ENUM;
(void) die_unsigned(dw, die, DW_AT_byte_size, &uval, DW_ATTR_REQ);
/* Check for bogus gcc DW_AT_byte_size attribute */
if (uval == (unsigned)-1) {
printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
__func__);
uval = 0;
}
tdp->t_size = uval;
if ((mem = die_child(dw, die)) != NULL) {
@ -873,7 +886,7 @@ static void
die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
int type, const char *typename)
{
Dwarf_Unsigned sz, bitsz, bitoff;
Dwarf_Unsigned sz, bitsz, bitoff, maxsz=0;
Dwarf_Die mem;
mlist_t *ml, **mlastp;
iidesc_t *ii;
@ -929,6 +942,8 @@ die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
ml->ml_name = NULL;
ml->ml_type = die_lookup_pass1(dw, mem, DW_AT_type);
debug(3, "die_sou_create(): ml_type = %p t_id = %d\n",
ml->ml_type, ml->ml_type->t_id);
if (die_mem_offset(dw, mem, DW_AT_data_member_location,
&mloff, 0)) {
@ -956,8 +971,24 @@ die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
*mlastp = ml;
mlastp = &ml->ml_next;
/* Find the size of the largest member to work around a gcc
* bug. See GCC Bugzilla 35998.
*/
if (maxsz < ml->ml_size)
maxsz = ml->ml_size;
} while ((mem = die_sibling(dw, mem)) != NULL);
/* See if we got a bogus DW_AT_byte_size. GCC will sometimes
* emit this.
*/
if (sz == (unsigned)-1) {
printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
__func__);
tdp->t_size = maxsz / 8; /* maxsz is in bits, t_size is bytes */
}
/*
* GCC will attempt to eliminate unused types, thus decreasing the
* size of the emitted dwarf. That is, if you declare a foo_t in your
@ -1054,7 +1085,7 @@ die_sou_resolve(tdesc_t *tdp, tdesc_t **tdpp __unused, void *private)
}
if (ml->ml_size != 0 && mt->t_type == INTRINSIC &&
mt->t_intr->intr_nbits != ml->ml_size) {
mt->t_intr->intr_nbits != (int)ml->ml_size) {
/*
* This member is a bitfield, and needs to reference
* an intrinsic type with the same width. If the
@ -1370,6 +1401,13 @@ die_base_create(dwarf_t *dw, Dwarf_Die base, Dwarf_Off off, tdesc_t *tdp)
*/
(void) die_unsigned(dw, base, DW_AT_byte_size, &sz, DW_ATTR_REQ);
/* Check for bogus gcc DW_AT_byte_size attribute */
if (sz == (unsigned)-1) {
printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
__func__);
sz = 0;
}
if (tdp->t_name == NULL)
terminate("die %llu: base type without name\n", off);

4
cddl/contrib/opensolaris/tools/ctf/cvt/st_parse.c
View File

@ -952,7 +952,7 @@ soudef(char *cp, stabtype_t type, tdesc_t **rtdp)
itdp = find_intrinsic(tdp);
if (itdp->t_type == INTRINSIC) {
if (mlp->ml_size != itdp->t_intr->intr_nbits) {
if ((int)mlp->ml_size != itdp->t_intr->intr_nbits) {
parse_debug(4, cp, "making %d bit intrinsic "
"from %s", mlp->ml_size, tdesc_name(itdp));
mlp->ml_type = bitintrinsic(itdp, mlp->ml_size);
@ -1173,7 +1173,7 @@ resolve_typed_bitfields_cb(void *arg, void *private __unused)
while (tdp) {
switch (tdp->t_type) {
case INTRINSIC:
if (ml->ml_size != tdp->t_intr->intr_nbits) {
if ((int)ml->ml_size != tdp->t_intr->intr_nbits) {
debug(3, "making %d bit intrinsic from %s",
ml->ml_size, tdesc_name(tdp));
ml->ml_type = bitintrinsic(tdp, ml->ml_size);