{
asection *msec;
const char *section_name = sec->uncompressed_name;
+ bfd_byte *contents = *section_buffer;
/* The section may have already been read. */
- if (*section_buffer == NULL)
+ if (contents == NULL)
{
msec = bfd_get_section_by_name (abfd, section_name);
if (! msec)
}
*section_size = msec->rawsize ? msec->rawsize : msec->size;
- if (syms)
- {
- *section_buffer
- = bfd_simple_get_relocated_section_contents (abfd, msec, NULL, syms);
- if (! *section_buffer)
- return FALSE;
- }
- else
- {
- *section_buffer = (bfd_byte *) bfd_malloc (*section_size);
- if (! *section_buffer)
- return FALSE;
- if (! bfd_get_section_contents (abfd, msec, *section_buffer,
- 0, *section_size))
- return FALSE;
- }
-
- /* Paranoia - if we are reading in a string section, make sure that it
- is NUL terminated. This is to prevent string functions from running
- off the end of the buffer. Note - knowing the size of the buffer is
- not enough as some functions, eg strchr, do not have a range limited
- equivalent.
-
- FIXME: We ought to use a flag in the dwarf_debug_sections[] table to
- determine the nature of a debug section, rather than checking the
- section name as we do here. */
- if (*section_size > 0
- && (*section_buffer)[*section_size - 1] != 0
- && (strstr (section_name, "_str") || strstr (section_name, "names")))
+ /* Paranoia - alloc one extra so that we can make sure a string
+ section is NUL terminated. */
+ contents = (bfd_byte *) bfd_malloc (*section_size + 1);
+ if (contents == NULL)
+ return FALSE;
+ if (syms
+ ? !bfd_simple_get_relocated_section_contents (abfd, msec, contents,
+ syms)
+ : !bfd_get_section_contents (abfd, msec, contents, 0, *section_size))
{
- bfd_byte * new_buffer = malloc (*section_size + 1);
-
- _bfd_error_handler (_("warning: dwarf string section '%s' is not NUL terminated"),
- section_name);
- memcpy (new_buffer, *section_buffer, *section_size);
- new_buffer[*section_size] = 0;
- free (*section_buffer);
- *section_buffer = new_buffer;
+ free (contents);
+ return FALSE;
}
+ contents[*section_size] = 0;
+ *section_buffer = contents;
}
/* It is possible to get a bad value for the offset into the section
{
return (new_line->address > line->address
|| (new_line->address == line->address
- && (new_line->op_index > line->op_index
- || (new_line->op_index == line->op_index
- && new_line->end_sequence < line->end_sequence))));
+ && new_line->op_index > line->op_index));
}
table->sequences = seq;
table->num_sequences++;
}
- else if (new_line_sorts_after (info, seq->last_line))
+ else if (info->end_sequence
+ || new_line_sorts_after (info, seq->last_line))
{
/* Normal case: add 'info' to the beginning of the current sequence. */
info->prev_line = seq->last_line;
return FALSE;
}
+ /* PR 22210. Paranoia check. Don't bother running the loop
+ if we know that we are going to run out of buffer. */
+ if (data_count > (bfd_vma) (buf_end - buf))
+ {
+ _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."),
+ data_count);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+
for (datai = 0; datai < data_count; datai++)
{
bfd_byte *format = format_header_data;
char *string_trash;
char **stringp = &string_trash;
unsigned int uint_trash, *uintp = &uint_trash;
+ struct attribute attr;
content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read,
FALSE, buf_end);
form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE,
buf_end);
format += bytes_read;
+
+ buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end);
+ if (buf == NULL)
+ return FALSE;
switch (form)
{
case DW_FORM_string:
- *stringp = read_string (abfd, buf, buf_end, &bytes_read);
- buf += bytes_read;
- break;
-
case DW_FORM_line_strp:
- *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read);
- buf += bytes_read;
+ *stringp = attr.u.str;
break;
case DW_FORM_data1:
- *uintp = read_1_byte (abfd, buf, buf_end);
- buf += 1;
- break;
-
case DW_FORM_data2:
- *uintp = read_2_bytes (abfd, buf, buf_end);
- buf += 2;
- break;
-
case DW_FORM_data4:
- *uintp = read_4_bytes (abfd, buf, buf_end);
- buf += 4;
- break;
-
case DW_FORM_data8:
- *uintp = read_8_bytes (abfd, buf, buf_end);
- buf += 8;
- break;
-
case DW_FORM_udata:
- *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE,
- buf_end);
- buf += bytes_read;
- break;
-
- case DW_FORM_block:
- /* It is valid only for DW_LNCT_timestamp which is ignored by
- current GDB. */
+ *uintp = attr.u.val;
break;
}
}
}
}
+ if (stash->funcinfo_hash_table)
+ bfd_hash_table_free (&stash->funcinfo_hash_table->base);
+ if (stash->varinfo_hash_table)
+ bfd_hash_table_free (&stash->varinfo_hash_table->base);
if (stash->dwarf_abbrev_buffer)
free (stash->dwarf_abbrev_buffer);
if (stash->dwarf_line_buffer)