gdb-6_5-7_fc6 from embargo branch.

2006-09-04 07:49:04 +00:00 · 2006-09-04 07:49:04 +00:00 · e6628c4a6c
parent a23697f5db
commit e6628c4a6c
2 changed files with 67 additions and 23 deletions
--- a/gdb-6.5-dwarf-stack-overflow.patch
+++ b/gdb-6.5-dwarf-stack-overflow.patch
@ -1,49 +1,89 @@
 for gdb/ChangeLog:
-2006-08-14  Will Drewry <wad@google.com>
+2006-08-22  Will Drewry <wad@google.com>
 	    Tavis Ormandy <taviso@google.com>
-	* dwarf2read.c (decode_locdesc): Avoid overflows in expression
+	* dwarf2read.c (decode_locdesc): Enforce location description stack
-	stack.
+	boundaries.
 	* dwarfread.c (locval): Likewise.
 Index: gdb-6.5/gdb/dwarf2read.c
 ===================================================================
--- gdb-6.5.orig/gdb/dwarf2read.c	2006-08-23 04:12:09.000000000 -0300
+--- gdb-6.5.orig/gdb/dwarf2read.c	2006-09-04 02:02:23.000000000 -0300
-+++ gdb-6.5/gdb/dwarf2read.c	2006-08-23 04:16:17.000000000 -0300
+++ gdb-6.5/gdb/dwarf2read.c	2006-09-04 02:02:23.000000000 -0300
-@@ -8864,6 +8864,16 @@ decode_locdesc (struct dwarf_block *blk,
+@@ -8667,8 +8667,7 @@ dwarf2_fundamental_type (struct objfile 
    callers will only want a very basic result and this can become a
    complaint.
 -   Note that stack[0] is unused except as a default error return.
 -   Note that stack overflow is not yet handled.  */
 +   Note that stack[0] is unused except as a default error return. */
 static CORE_ADDR
 decode_locdesc (struct dwarf_block *blk, struct dwarf2_cu *cu)
@@ -8685,7 +8684,7 @@ decode_locdesc (struct dwarf_block *blk,
   i = 0;
   stacki = 0;
 -  stack[stacki] = 0;
 +  stack[++stacki] = 0;
   while (i < size)
     {
@@ -8864,6 +8863,16 @@ decode_locdesc (struct dwarf_block *blk,
 		     dwarf_stack_op_name (op));
 	  return (stack[stacki]);
 	}
-+
+      /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
-+      /* Enforce maximum stack depth of 63 to avoid ++stacki writing
+         outside of the allocated space. Also enforce minimum > 0.
-+	 outside of the given size.  Also enforce minimum > 0.  */
+         -- wad@google.com 14 Aug 2006 */
-+      if (stacki >= sizeof(stack)/sizeof(*stack) - 1)
+      if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
 +	internal_error (__FILE__, __LINE__,
-+			_("location description stack too deep: %d"),
+	                _("location description stack too deep: %d"),
-+			stacki);
+	                stacki);
 +      if (stacki <= 0)
 +	internal_error (__FILE__, __LINE__,
-+			_("location description stack too shallow"));
+	                _("location description stack too shallow"));
     }
   return (stack[stacki]);
 }
 Index: gdb-6.5/gdb/dwarfread.c
 ===================================================================
 --- gdb-6.5.orig/gdb/dwarfread.c	2005-12-17 20:33:59.000000000 -0200
-+++ gdb-6.5/gdb/dwarfread.c	2006-08-23 04:17:24.000000000 -0300
+++ gdb-6.5/gdb/dwarfread.c	2006-09-04 02:02:23.000000000 -0300
-@@ -2224,6 +2224,16 @@ locval (struct dieinfo *dip)
+@@ -2138,9 +2138,7 @@ decode_line_numbers (char *linetable)
    NOTES
 -   Note that stack[0] is unused except as a default error return.
 -   Note that stack overflow is not yet handled.
 - */
 +   Note that stack[0] is unused except as a default error return. */
 static int
 locval (struct dieinfo *dip)
@@ -2160,7 +2158,7 @@ locval (struct dieinfo *dip)
   loc += nbytes;
   end = loc + locsize;
   stacki = 0;
 -  stack[stacki] = 0;
 +  stack[++stacki] = 0;
   dip->isreg = 0;
   dip->offreg = 0;
   dip->optimized_out = 1;
@@ -2224,6 +2222,16 @@ locval (struct dieinfo *dip)
 	  stacki--;
 	  break;
 	}
-+
+      /* Enforce maximum stack depth of size-1 to avoid ++stacki writing
-+      /* Enforce maximum stack depth of 63 to avoid ++stacki writing
+         outside of the allocated space. Also enforce minimum > 0.
-+	 outside of the given size.  Also enforce minimum > 0.  */
+         -- wad@google.com 14 Aug 2006 */
-+      if (stacki >= sizeof(stack)/sizeof(*stack) - 1)
+      if (stacki >= sizeof (stack) / sizeof (*stack) - 1)
 +	internal_error (__FILE__, __LINE__,
-+			_("location description stack too deep: %d"),
+	                _("location description stack too deep: %d"),
-+			stacki);
+	                stacki);
 +      if (stacki <= 0)
 +	internal_error (__FILE__, __LINE__,
-+			_("location description stack too shallow"));
+	                _("location description stack too shallow"));
     }
   return (stack[stacki]);
 }
--- a/gdb.spec
+++ b/gdb.spec
@ -11,7 +11,7 @@ Name: gdb
 Version: 6.5
 # The release always contains a leading reserved number, start it at 0.
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPL
 Group: Development/Debuggers
@ -247,6 +247,7 @@ Patch188: gdb-6.5-bz203661-emit-relocs.patch
 Patch189: gdb-6.5-opcodes-i386-nopmem.patch
 # Security patch: avoid stack overflows in dwarf expression computation.
 # CVE-2006-4146
 Patch190: gdb-6.5-dwarf-stack-overflow.patch
 BuildRequires: ncurses-devel glibc-devel gcc make gzip texinfo dejagnu gettext
@ -510,6 +511,9 @@ fi
 # don't include the files in include, they are part of binutils
 %changelog
 * Mon Sep  4 2006 Alexandre Oliva <aoliva@redhat.com> - 6.5-7
 - Fix bug in patch for CVE-2006-4146. (BZ 203873, BZ 203880)
 * Thu Aug 24 2006 Alexandre Oliva <aoliva@redhat.com> - 6.5-6
 - Avoid overflows and underflows in dwarf expression computation stack.
 (BZ 203873)