Avoid the use of sprintf with a "%s" format string, replacing with
strcpy or stpcpy. Use sprintf return value rather than a later
strlen. Don't use strcat where we can keep track of the end of a
string output buffer.
* dlltool.c (look_for_prog): memcpy prefix and strcpy prog_name.
* dllwrap.c (look_for_prog): Likewise.
* resrc.c (look_for_default): Likewise. Add quotes with memmove
rather than allocating another buffer.
* size.c (size_number): Use sprintf return value.
* stabs.c (parse_stab_argtypes): Likewise.
* windmc.c (write_bin): Likewise, and use stpcpy.
* wrstabs.c: Similarly throughout.

Trying to free malloc'd memory used by the stabs and coff debug info
parsers is complicated, and traversing the trees generated requires a
lot of code. It's better to bfd_alloc the memory which allows it all
to be freed without fuss when the bfd is closed. In the process of
doing this I reverted most of commit a6336913332.
Some of the stabs handling code grows arrays of pointers with realloc,
to deal with arbitrary numbers of fields, function args, etc. The
code still does that but copies over to bfd_alloc memory when
finished. The alternative is to parse twice, once to size, then again
to populate the arrays. I think that complication is unwarranted.
Note that there is a greater than zero chance this patch breaks
something, eg. that I missed an attempt to free obj_alloc memory.
Also it seems there are no tests in the binutils testsuite aimed at
exercising objdump --debugging.
* budbg.h (finish_stab, parse_stab): Update prototypes.
* debug.c: Include bucomm.h.
(struct debug_handle): Add "abfd" field.
(debug_init): Add "abfd" param. bfd_alloc handle.
(debug_xalloc, debug_xzalloc): New functions. Use throughout
in place of xmalloc and memset.
(debug_start_source): Remove "name_used" param.
* debug.h (debug_init, debug_start_source): Update prototypes.
(debug_xalloc, debug_xzalloc): Declare.
* objcopy.c (copy_object): Don't free dhandle.
* objdump.c (dump_bfd): Likewise.
* rdcoff.c (coff_get_slot): Add dhandle arg. debug_xzalloc
memory in place of xcalloc. Update callers.
(parse_coff_struct_type): Don't leak on error return. Copy
fields over to debug_xalloc memory.
(parse_coff_enum_type): Copy names and vals over the
debug_xalloc memory.
* rddbg.c (read_debugging_info): Adjust debug_init call.
Don't free dhandle.
(read_section_stabs_debugging_info): Don't free shandle.
Adjust parse_stab call. Call finish_stab on error return.
(read_symbol_stabs_debugging_info): Similarly.
* stabs.c (savestring): Delete unnecessary forward declaration.
Add dhandle param. debug_xalloc memory. Update callers.
(start_stab): Delete unnecessary casts.
(finish_stab): Add "emit" param. Free file_types, so_string,
and stabs handle.
(parse_stab): Delete string_used param. Revert code dealing
with string_used. Copy so_string passed to debug_set_filename
and stored as main_filename to debug_xalloc memory. Similarly
for string passed to debug_start_source and push_bincl. Copy
args to debug_xalloc memory. Don't leak args.
(parse_stab_enum_type): Copy names and values to debug_xalloc
memory. Don't free name.
(parse_stab_struct_type): Don't free fields.
(parse_stab_baseclasses): Delete unnecessary cast.
(parse_stab_struct_fields): Return debug_xalloc fields.
(parse_stab_cpp_abbrev): Use debug_xalloc for _vb$ type name.
(parse_stab_one_struct_field): Don't free name.
(parse_stab_members): Copy variants and methods to
debug_xalloc memory. Don't free name or argtypes.
(parse_stab_argtypes): Use debug_xalloc memory for physname
and args.
(push_bincl): Add dhandle param. Use debug_xalloc memory.
(stab_record_variable): Use debug_xalloc memory.
(stab_emit_pending_vars): Don't free var list.
(stab_find_slot): Add dhandle param. Use debug_xzalloc
memory. Update all callers.
(stab_find_tagged_type): Don't free name. Use debug_xzalloc.
(stab_demangle_qualified): Don't free name.
(stab_demangle_template): Don't free s1.
(stab_demangle_args): Tidy pvarargs refs. Copy *pargs on
success to debug_xalloc memory, free on failure.
(stab_demangle_fund_type): Don't free name.
(stab_demangle_v3_arglist): Copy args to debug_xalloc memory.
Don't free dt.

This should sort out some very old FIXMEs in code handling stabs
debug info. Necessary if we are to fuss over freeing up memory before
objdump and objcopy exit. It is of course better from a user
viewpoint to *not* free memory, which takes some time, and leave that
to process exit. The only reason to do so is that having many memory
leaks in binutils/ code tends to hide leaks in bfd/ or opcodes/, which
we should care about.
* budbg.h (parse_stab): Update prototype.
* debug.h (debug_start_source): Update prototype.
* debug.c (debug_start_source): Add name_used. Set if stashed.
* rddbg.c (read_symbol_stabs_debugging_info): Always malloc
stab string passed to parse_stab. Free stab string when
unreferenced.
(read_section_stabs_debugging_info): Likewise, and strings
section contents.
* stabs.c (parse_stab): Add string_used param. Set if string
stashed. Pass to debug_start_source. Realloc file_types
array rather than using malloc. Clarify comment about
debug_make_indirect_type.

Fuzzers have found that specifying a large stab type number results in
lots of memory being requested, as the list is extended with a 16
element array at a time until we reach the given stab type. It also
takes a long time. Of course normal sane stab types use small
positive integers, but it's not hard to modify the code to handle type
numbers starting anywhere.
* stabs.c (struct stab_types): Add base_index.
(stab_find_slot): Simplify filenum check. Delete type number
check. Don't allocate entire array from 0 to type number,
allocate a sparse array.
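
The sparse allocation described in the commit message above, as an added example (not the binutils code). `struct stab_types` and `base_index` come from the ChangeLog entry; `STAB_TYPES_SLOTS`, `find_slot`, `dense_chunks_needed` and the `void *` slot type are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define STAB_TYPES_SLOTS 16     /* assumed name; 16 is the chunk size the message gives */

/* One chunk covering type numbers [base_index, base_index + 16). */
struct stab_types {
    struct stab_types *next;
    unsigned int base_index;
    void *types[STAB_TYPES_SLOTS];      /* stand-in for the real type objects */
};

static unsigned int chunks_allocated;   /* instrumentation for this example */

/* Return the slot for type number tindex, allocating only the chunk that
   holds it. The list stays sorted by base_index. Returns NULL if out of memory. */
void **find_slot(struct stab_types **head, unsigned int tindex)
{
    unsigned int base_index = tindex / STAB_TYPES_SLOTS * STAB_TYPES_SLOTS;
    struct stab_types **ps = head;

    while (*ps != NULL && (*ps)->base_index < base_index)
        ps = &(*ps)->next;
    if (*ps == NULL || (*ps)->base_index != base_index) {
        struct stab_types *n = calloc(1, sizeof *n);
        if (n == NULL)
            return NULL;
        n->next = *ps;
        n->base_index = base_index;
        *ps = n;
        chunks_allocated++;
    }
    return &(*ps)->types[tindex - base_index];
}

/* Chunks the dense scheme would allocate to reach tindex from zero. */
unsigned int dense_chunks_needed(unsigned int tindex)
{
    return tindex / STAB_TYPES_SLOTS + 1;
}

int main(void)
{
    struct stab_types *head = NULL;
    unsigned int hostile = 4000000000u;     /* constructed fuzzer-style type number */

    find_slot(&head, hostile);
    find_slot(&head, 3);
    printf("sparse chunks: %u, dense chunks: %u\n",
           chunks_allocated, dense_chunks_needed(hostile));
    return 0;
}
```
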
The newer update-copyright.py fixes file encoding too, removing cr/lf
on binutils/bfdtest2.c and ld/testsuite/ld-cygwin/exe-export.exp, and
embedded cr in binutils/testsuite/binutils-all/ar.exp string match.

I have no info on the format of a "SUNPRO C++ Namespace" stab, so am
relying on the previous code being correct in parsing these stabs.
Just don't allow NULs anywhere in the stab.
PR 28862
* stabs.c (parse_stab_string): Don't overrun buffer when parsing
'Y' stab.

The result of running etc/update-copyright.py --this-year, fixing all
the files whose mode is changed by the script, plus a build with
--enable-maintainer-mode --enable-cgen-maint=yes, then checking
out */po/*.pot which we don't update frequently.
The copy of cgen was with commit d1dd5fcc38ead reverted as that commit
breaks building of bfp opcodes files.

PR 24044
* cxxfilt.c (hp_symbol_characters): Delete.
(main): Remove deprecated demangling styles.
* stabs.c (parse_stab_argtypes): Remove support for old gnu v2
demangling opnames.
* testsuite/binutils-all/cxxfilt.exp: Use the
--no-strip-underscore option for targets that do prefix their
symbols with underscores.
Update tests to eliminate those that use gnu v2 encoding.

The previous commit breaks the GDB build, which is still using functions
cplus_demangle_opname & co. Since removing these usages is not an
obvious fix, let's revert this patch until we get rid of them.

PR 24044
* stabs.c (parse_stab_argtypes): Remove call to
cplus_mangle_opcode.
* testsuite/binutils-all/cxxfilt.exp: Replace tests of v2 encoding
with v3 encoding. Add escape for known failures.

This patch addresses the multitude of bug reports about resource exhaustion
in libiberty's name demangling code. It adds a limit to the amount of
recursion that is allowed, before an error is triggered. It also adds a
new demangling option to disable this limit. (The limit is enabled by
default).
PR 87681
PR 87675
PR 87636
PR 87335
libiberty * cp-demangle.h (struct d_info): Add recursion_limit field.
* cp-demangle.c (d_function_type): If the recursion limit is
enabled and reached, return with a failure result.
(d_demangle_callback): If the recursion limit is enabled, check
for a mangled string that is so long that there is not enough
stack space for the local arrays.
* cplus-dem.c (struct work): Add recursion_level field.
(demangle_nested_args): If the recursion limit is enabled and
reached, return with a failure result.
include * demangle.h (DMGL_RECURSE_LIMIT): Define.
(DEMANGLE_RECURSION_LIMIT): Prototype.
binutils * addr2line.c (demangle_flags): New static variable.
(long_options): Add --recurse-limit and --no-recurse-limit.
(translate_address): Pass demangle_flags to bfd_demangle.
(main): Handle --recurse-limit and --no-recurse-limit options.
* cxxfilt.c (flags): Add DMGL_RECURSE_LIMIT.
(long_options): Add --recurse-limit and --no-recurse-limit.
(main): Handle new options.
* dlltool.c (gen_def_file): Include DMGL_RECURSE_LIMIT in flags
passed to cplus_demangle.
* nm.c (demangle_flags): New static variable.
(long_options): Add --recurse-limit and --no-recurse-limit.
(main): Handle new options.
* objdump.c (demangle_flags): New static variable.
(usage): Add --recurse-limit and --no-recurse-limit.
(long_options): Likewise.
(objdump_print_symname): Pass demangle_flags to bfd_demangle.
(disassemble_section): Likewise.
(dump_dymbols): Likewise.
(main): Handle new options.
* prdbg.c (demangle_flags): New static variable.
(tg_variable): Pass demangle_flags to demangler.
(tg_start_function): Likewise.
* stabs.c (demangle_flags): New static variable.
(stab_demangle_template): Pass demangle_flags to demangler.
(stab_demangle_v3_argtypes): Likewise.
(stab_demangle_v3_arg): Likewise.
* doc/binutuls.texi: Document new command line options.
* NEWS: Mention the new feature.
* testsuite/config/default.exp (CXXFILT): Define if not already
defined.
(CXXFILTFLAGS): Likewise.
* testsuite/binutils-all/cxxfilt.exp: New file. Runs a few
simple tests of the cxxfilt program.

PR 22955
* stabs.c (parse_number): Add p_end parameter and use it to check
the validity of the pp parameter. Add checks to prevent walking
off the end of the string buffer.
(parse_stab_string): Likewise.
(parse_stab_type): Likewise.
(parse_stab_type_number): Likewise.
(parse_stab_range_type): Likewise.
(parse_stab_sun_builtin_type): Likewise.
(parse_stab_sun_floating_type): Likewise.
(parse_stab_enum_type): Likewise.
(parse_stab_struct_type): Likewise.
(parse_stab_baseclasses): Likewise.
(parse_stab_struct_fields): Likewise.
(parse_stab_cpp_abbrev): Likewise.
(parse_stab_one_struct_field): Likewise.
(parse_stab_members): Likewise.
(parse_stab_tilde_field): Likewise.
(parse_stab_array_type): Likewise.
* parse_stab: Compute the end of the string and then pass it on to
individual parser functions.
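
The end-pointer discipline described in the PR 22955 entry above, as an added example (not the binutils code). `p_end` and `pp` are the names the ChangeLog uses; `parse_number_bounded`, `parse_type_pair` and the sample strings are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Parse an unsigned decimal at *pp without reading at or beyond p_end.
   On success store the value and advance *pp past the digits. */
bool parse_number_bounded(const char **pp, const char *p_end, unsigned long *out)
{
    const char *p = *pp;
    unsigned long v = 0;

    if (p == NULL || p >= p_end || *p < '0' || *p > '9')
        return false;                   /* outside the buffer, or no digit */
    while (p < p_end && *p >= '0' && *p <= '9') {
        unsigned long d = (unsigned long)(*p - '0');
        if (v > (ULONG_MAX - d) / 10)
            return false;               /* value would overflow */
        v = v * 10 + d;
        p++;
    }
    *pp = p;
    *out = v;
    return true;
}

/* Parse a "(file,type)" pair held in s[0..len); s need not be NUL-terminated.
   Every dereference is preceded by a check against p_end. */
bool parse_type_pair(const char *s, size_t len, unsigned long nums[2])
{
    const char *p = s, *p_end = s + len;

    if (p >= p_end || *p++ != '(')
        return false;
    if (!parse_number_bounded(&p, p_end, &nums[0]))
        return false;
    if (p >= p_end || *p++ != ',')
        return false;
    if (!parse_number_bounded(&p, p_end, &nums[1]))
        return false;
    return p < p_end && *p == ')';
}

int main(void)
{
    unsigned long n[2];
    return parse_type_pair("(1,23)", 6, n) ? 0 : 1;   /* constructed sample */
}
```
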
GCC 6 warns:
error: result of ‘4294967295ll << 32’ requires 65 bits to represent, but ‘long long int’ only has 64 bits [-Werror=shift-overflow=]
on ((((bfd_signed_vma) 0xffffffff) << 32) | 0xffffffff). This patch
replaces it with (bfd_signed_vma) 0xffffffffffffffffLL.
* stabs.c (parse_stab_range_type): Use 0xffffffffffffffffLL.

PR binutils/17512
* dwarf.c (read_and_display_attr_value): Check that we do not read
past end.
(display_debug_pubnames_worker): Add range checks.
(process_debug_info): Check for invalid pointer sizes.
(display_loc_list): Likewise.
(display_loc_list_dwo): Likewise.
(display_debug_ranges): Likewise.
(display_debug_aranges): Check for invalid address size.
(read_cie): Add range checks. Replace call strchr with while loop.
* objdump.c (dump_dwarf): Replace abort with a warning message.
(print_section_stabs): Improve range checks.
* rdcoff.c (coff_get_slot): Use long for indx parameter type.
Add check for an excessively large index.
* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
string table. Avoid walking off the end of the stabs data.
* stabs.c (parse_stab_string): Add check for a NULL name.

PR binutils/17512
* coffcode.h (coff_slurp_line_table): Set the line number of
corrupt entries to -1.
(coff_slurp_symbol_table): Always initialise the value of the
symbol.
* coffgen.c (coff_print_symbol): Check that the combined pointer
is valid.
(coff_print_symbol): Do not print negative line numbers.
* peXXigen.c (pe_print_idata): Add range checking displaying
member names.

argument and emits the string followed by a comma and then the length of
the string.
(CONST_STRNEQ): New macro. Checks to see if a variable string has a constant
string as its initial characters.
(CONST_STRNCPY): New macro. Copies a constant string to the start of a
variable string.
* bfd-in2.h: Regenerate.
* <remaining files>: Make use of the new macros.

out of stab_demangle_v3_argtypes.
(stab_demangle_v3_argtypes): Call it.
(stab_demangle_v3_arg): Handle DEMANGLE_COMPONENT_FUNCTION_TYPE.
If we find an unrecognized component, print out its number.