| Line 1... |
Line 1... |
| 1 |
/* rddbg.c -- Read debugging information into a generic form. |
1 |
/* rddbg.c -- Read debugging information into a generic form. |
| 2 |
Copyright 1995, 1996, 1997, 2000, 2002, 2003, 2005, 2007, 2008, |
- |
|
| 3 |
2010 Free Software Foundation, Inc. |
2 |
Copyright (C) 1995-2015 Free Software Foundation, Inc. |
| 4 |
Written by Ian Lance Taylor . |
3 |
Written by Ian Lance Taylor . |
| Line 5... |
Line 4... |
| 5 |
|
4 |
|
| Line 6... |
Line 5... |
| 6 |
This file is part of GNU Binutils. |
5 |
This file is part of GNU Binutils. |
| Line 138... |
Line 137... |
| 138 |
bfd_errmsg (bfd_get_error ())); |
137 |
bfd_errmsg (bfd_get_error ())); |
| 139 |
return FALSE; |
138 |
return FALSE; |
| 140 |
} |
139 |
} |
| Line 141... |
Line 140... |
| 141 |
|
140 |
|
| 142 |
strsize = bfd_section_size (abfd, strsec); |
141 |
strsize = bfd_section_size (abfd, strsec); |
| 143 |
strings = (bfd_byte *) xmalloc (strsize); |
142 |
strings = (bfd_byte *) xmalloc (strsize + 1); |
| 144 |
if (! bfd_get_section_contents (abfd, strsec, strings, 0, strsize)) |
143 |
if (! bfd_get_section_contents (abfd, strsec, strings, 0, strsize)) |
| 145 |
{ |
144 |
{ |
| 146 |
fprintf (stderr, "%s: %s: %s\n", |
145 |
fprintf (stderr, "%s: %s: %s\n", |
| 147 |
bfd_get_filename (abfd), names[i].strsecname, |
146 |
bfd_get_filename (abfd), names[i].strsecname, |
| 148 |
bfd_errmsg (bfd_get_error ())); |
147 |
bfd_errmsg (bfd_get_error ())); |
| 149 |
return FALSE; |
148 |
return FALSE; |
| 150 |
} |
- |
|
| - |
|
149 |
} |
| - |
|
150 |
/* Zero terminate the strings table, just in case. */ |
| 151 |
|
151 |
strings [strsize] = 0; |
| 152 |
if (shandle == NULL) |
152 |
if (shandle == NULL) |
| 153 |
{ |
153 |
{ |
| 154 |
shandle = start_stab (dhandle, abfd, TRUE, syms, symcount); |
154 |
shandle = start_stab (dhandle, abfd, TRUE, syms, symcount); |
| 155 |
if (shandle == NULL) |
155 |
if (shandle == NULL) |
| Line 158... |
Line 158... |
| 158 |
|
158 |
|
| Line 159... |
Line 159... |
| 159 |
*pfound = TRUE; |
159 |
*pfound = TRUE; |
| 160 |
|
160 |
|
| - |
|
161 |
stroff = 0; |
| 161 |
stroff = 0; |
162 |
next_stroff = 0; |
| 162 |
next_stroff = 0; |
163 |
/* PR 17512: file: 078-60391-0.001:0.1. */ |
| 163 |
for (stab = stabs; stab < stabs + stabsize; stab += 12) |
164 |
for (stab = stabs; stab <= (stabs + stabsize) - 12; stab += 12) |
| 164 |
{ |
165 |
{ |
| 165 |
unsigned int strx; |
166 |
unsigned int strx; |
| 166 |
int type; |
167 |
int type; |
| Line 183... |
Line 184... |
| 183 |
stroff = next_stroff; |
184 |
stroff = next_stroff; |
| 184 |
next_stroff += value; |
185 |
next_stroff += value; |
| 185 |
} |
186 |
} |
| 186 |
else |
187 |
else |
| 187 |
{ |
188 |
{ |
| - |
|
189 |
size_t len; |
| 188 |
char *f, *s; |
190 |
char *f, *s; |
| Line 189... |
Line -... |
| 189 |
|
- |
|
| 190 |
f = NULL; |
- |
|
| 191 |
|
191 |
|
| 192 |
if (stroff + strx > strsize) |
192 |
if (stroff + strx >= strsize) |
| 193 |
{ |
193 |
{ |
| 194 |
fprintf (stderr, "%s: %s: stab entry %ld is corrupt, strx = 0x%x, type = %d\n", |
194 |
fprintf (stderr, _("%s: %s: stab entry %ld is corrupt, strx = 0x%x, type = %d\n"), |
| 195 |
bfd_get_filename (abfd), names[i].secname, |
195 |
bfd_get_filename (abfd), names[i].secname, |
| 196 |
(long) (stab - stabs) / 12, strx, type); |
196 |
(long) (stab - stabs) / 12, strx, type); |
| 197 |
continue; |
197 |
continue; |
| Line 198... |
Line 198... |
| 198 |
} |
198 |
} |
| - |
|
199 |
|
| Line -... |
Line 200... |
| - |
|
200 |
s = (char *) strings + stroff + strx; |
| - |
|
201 |
f = NULL; |
| - |
|
202 |
|
| - |
|
203 |
/* PR 17512: file: 002-87578-0.001:0.1. |
| 199 |
|
204 |
It is possible to craft a file where, without the 'strlen (s) > 0', |
| 200 |
s = (char *) strings + stroff + strx; |
205 |
an attempt to read the byte before 'strings' would occur. */ |
| 201 |
|
206 |
while ((len = strlen (s)) > 0 |
| 202 |
while (s[strlen (s) - 1] == '\\' |
207 |
&& s[len - 1] == '\\' |
| Line 203... |
Line 208... |
| 203 |
&& stab + 12 < stabs + stabsize) |
208 |
&& stab + 12 < stabs + stabsize) |
| 204 |
{ |
209 |
{ |
| 205 |
char *p; |
210 |
char *p; |
| - |
|
211 |
|
| 206 |
|
212 |
stab += 12; |
| - |
|
213 |
p = s + len - 1; |
| - |
|
214 |
*p = '\0'; |
| - |
|
215 |
strx = stroff + bfd_get_32 (abfd, stab); |
| 207 |
stab += 12; |
216 |
if (strx >= strsize) |
| - |
|
217 |
{ |
| - |
|
218 |
fprintf (stderr, _("%s: %s: stab entry %ld is corrupt\n"), |
| 208 |
p = s + strlen (s) - 1; |
219 |
bfd_get_filename (abfd), names[i].secname, |
| 209 |
*p = '\0'; |
220 |
(long) (stab - stabs) / 12); |
| 210 |
s = concat (s, |
221 |
break; |
| Line 211... |
Line 222... |
| 211 |
((char *) strings |
222 |
} |
| 212 |
+ stroff |
223 |
else |
| 213 |
+ bfd_get_32 (abfd, stab)), |
224 |
s = concat (s, (char *) strings + strx, |