From patchwork Wed Oct 3 22:07:15 2012
X-Patchwork-Submitter: Ian Lance Taylor
X-Patchwork-Id: 188940
From: Ian Lance Taylor
To: gcc-patches@gcc.gnu.org
Cc: Philip Prindeville
Subject: libbacktrace patch committed: Fix leb128 overflow test
Date: Wed, 03 Oct 2012 15:07:15 -0700

This patch to libbacktrace fixes the overflow test for the leb128 reading routines. What matters is not the shift after the loop, but the shift within the loop.

This also removes the setting of unit_buf.start in build_address_map, which was simply wrong and was causing the error message to print the wrong offset in the .debug_info section.

Bootstrapped and ran libbacktrace testsuite on x86_64-unknown-linux-gnu. Committed to mainline.

Ian

2012-10-03  Ian Lance Taylor

	* dwarf.c (read_uleb128): Fix overflow test.
	(read_sleb128): Likewise.
	(build_address_map): Don't change unit_buf.start.

Index: dwarf.c =================================================================== --- dwarf.c (revision 191858) +++ dwarf.c (working copy) @@ -524,10 +524,12 @@ read_uleb128 (struct dwarf_buf *buf) { uint64_t ret; unsigned int shift; + int overflow; unsigned char b; ret = 0; shift = 0; + overflow = 0; do { const unsigned char *p; 
@@ -536,14 +538,17 @@ read_uleb128 (struct dwarf_buf *buf) if (!advance (buf, 1)) return 0; b = *p; - ret |= ((uint64_t) (b & 0x7f)) << shift; + if (shift < 64) + ret |= ((uint64_t) (b & 0x7f)) << shift; + else if (!overflow) + { + dwarf_buf_error (buf, "LEB128 overflows uint64_t"); + overflow = 1; + } shift += 7; } while ((b & 0x80) != 0); - if (shift > 64) - dwarf_buf_error (buf, "LEB128 overflows uint64_5"); - return ret; } @@ -554,10 +559,12 @@ read_sleb128 (struct dwarf_buf *buf) { uint64_t val; unsigned int shift; + int overflow; unsigned char b; val = 0; shift = 0; + overflow = 0; do { const unsigned char *p; @@ -566,15 +573,18 @@ read_sleb128 (struct dwarf_buf *buf) if (!advance (buf, 1)) return 0; b = *p; - val |= ((uint64_t) (b & 0x7f)) << shift; + if (shift < 64) + val |= ((uint64_t) (b & 0x7f)) << shift; + else if (!overflow) + { + dwarf_buf_error (buf, "signed LEB128 overflows uint64_t"); + overflow = 1; + } shift += 7; } while ((b & 0x80) != 0); - if (shift > 64) - dwarf_buf_error (buf, "signed LEB128 overflows uint64_t"); - - if ((b & 0x40) != 0) + if ((b & 0x40) != 0 && shift < 64) val |= ((uint64_t) -1) << shift; return (int64_t) val; @@ -1262,7 +1272,6 @@ build_address_map (struct backtrace_stat } unit_buf = info; - unit_buf.start = info.buf; unit_buf.left = len; if (!advance (&info, len))
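Review bot: in the read_uleb128 hunk (@@ -536,14 +538,17 @@), the `if (shift < 64)` guard still admits a 10th byte at shift == 63 where only bit 0 of `b` lands in the result; bits 1..6 of that byte are shifted out silently, so a value that needs 10 bytes but does not fit in 64 bits is truncated without any "LEB128 overflows uint64_t" report. Consider adding, inside the `shift < 64` branch, a check such as `if (shift == 63 && (b & 0x7e) != 0)` that raises the same error. Note also that `return ret;` is unchanged, so after an overflow the caller still receives the truncated low 64 bits; that is acceptable only if every caller acts on the dwarf_buf_error report rather than on the returned value, which deserves a comment above the return.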
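Review bot: in the read_sleb128 hunk (@@ -566,15 +573,18 @@), the same 10th-byte gap exists, and the signed test is slightly different: at shift == 63 bit 0 of `b` becomes the sign bit and bits 1..6 are sign padding that must all equal bit 0 (only 0x00 and 0x7f are valid final 10th bytes), otherwise the value does not fit in int64_t; a check like `if (shift == 63 && ((b & 0x7e) >> 1) != ((b & 1) ? 0x3f : 0))` in the `shift < 64` branch would catch it. The added `&& shift < 64` on the sign-extension line is correct (shift is always a multiple of 7, so the first skipped value is 70, where the old code shifted by 70 and invoked undefined behaviour), but a one-line comment saying the extension is skipped because bit 63 is already filled by the 10th byte would help the next reader. Finally, the loop body is now duplicated verbatim between read_uleb128 and read_sleb128 apart from the message string; a shared helper returning the raw accumulation and the final byte would keep the two overflow checks from drifting apart.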
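The following C code is an added example, not part of this e-mail and not libbacktrace's own code. It shows the in-loop overflow test the patch introduces, written out with a small self-contained buffer type, and goes one step further than the patch by also rejecting payload bits that a 10th byte would push past bit 63. `struct leb_buf`, `leb_error`, `next_byte` and the `*_value`/`*_ok` wrappers are stand-ins of my own for libbacktrace's `dwarf_buf`, `dwarf_buf_error` and `advance`; the byte strings used with it are constructed test vectors.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not libbacktrace code.  struct leb_buf, leb_error and
   next_byte are stand-ins for dwarf_buf, dwarf_buf_error and advance.  */

struct leb_buf
{
  const unsigned char *p;  /* next byte to read */
  size_t left;             /* bytes remaining */
  const char *error;       /* first diagnostic, or NULL if none */
};

static void
leb_error (struct leb_buf *buf, const char *msg)
{
  if (buf->error == NULL)  /* report once, like the patch's overflow flag */
    buf->error = msg;
}

static int
next_byte (struct leb_buf *buf, unsigned char *b)
{
  if (buf->left == 0)
    {
      leb_error (buf, "LEB128 runs past end of buffer");
      return 0;
    }
  *b = *buf->p++;
  buf->left--;
  return 1;
}

uint64_t
read_uleb128 (struct leb_buf *buf)
{
  uint64_t ret = 0;
  unsigned int shift = 0;
  unsigned char b;

  do
    {
      if (!next_byte (buf, &b))
        return 0;
      if (shift < 64)
        {
          /* At shift 63 only bit 0 of b lands in the result; bits 1..6
             would be shifted out, so a set bit there is an overflow.  */
          if (shift == 63 && (b & 0x7e) != 0)
            leb_error (buf, "LEB128 overflows uint64_t");
          ret |= ((uint64_t) (b & 0x7f)) << shift;
        }
      else  /* 11th byte or later: the shift itself would be undefined */
        leb_error (buf, "LEB128 overflows uint64_t");
      shift += 7;
    }
  while ((b & 0x80) != 0);
  return ret;
}

int64_t
read_sleb128 (struct leb_buf *buf)
{
  uint64_t val = 0;
  unsigned int shift = 0;
  unsigned char b;

  do
    {
      if (!next_byte (buf, &b))
        return 0;
      if (shift < 64)
        {
          /* At shift 63 bit 0 of b becomes the sign bit and bits 1..6 are
             sign padding: they must all equal bit 0 (0x00 or 0x7f) or the
             value does not fit in int64_t.  */
          if (shift == 63 && ((b & 0x7e) >> 1) != ((b & 1) ? 0x3f : 0))
            leb_error (buf, "signed LEB128 overflows int64_t");
          val |= ((uint64_t) (b & 0x7f)) << shift;
        }
      else
        leb_error (buf, "signed LEB128 overflows int64_t");
      shift += 7;
    }
  while ((b & 0x80) != 0);

  /* Sign-extend from the last payload bit.  Skipped once shift >= 64: bit
     63 is already filled by the 10th byte and the shift would be undefined.  */
  if ((b & 0x40) != 0 && shift < 64)
    val |= ((uint64_t) -1) << shift;
  return (int64_t) val;
}

/* Wrappers for a constructed byte string: the decoded value, and whether
   decoding finished without an error.  */
uint64_t uleb_value (const unsigned char *bytes, size_t n)
{ struct leb_buf buf = { bytes, n, NULL }; return read_uleb128 (&buf); }
int uleb_ok (const unsigned char *bytes, size_t n)
{ struct leb_buf buf = { bytes, n, NULL }; read_uleb128 (&buf); return buf.error == NULL; }
int64_t sleb_value (const unsigned char *bytes, size_t n)
{ struct leb_buf buf = { bytes, n, NULL }; return read_sleb128 (&buf); }
int sleb_ok (const unsigned char *bytes, size_t n)
{ struct leb_buf buf = { bytes, n, NULL }; read_sleb128 (&buf); return buf.error == NULL; }
```

As in the patched libbacktrace, the readers still return the truncated accumulation after an overflow, so a caller must consult the error state (`*_ok` here) rather than the value. Useful vectors to try: `e5 8e 26` decodes to 624485; nine `ff` bytes followed by `01` is the 10-byte encoding of UINT64_MAX and is accepted, whereas the same prefix followed by `02` is rejected because bit 1 of the 10th byte cannot fit; nine `80` bytes followed by `7f` is INT64_MIN and is accepted by the signed reader, while nine `80` bytes followed by `01` (2^63 as a signed value) is rejected.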