Fixes a problem with the BFD library running out of memory because it mistakenly

thought that an uncompressed .debug_str section was compressed. * compress.c (bfd_is_section_compressed): When checking the .debug_str section, also check the fifth byte in the section is not part of a string. * binutils-all/debug_str.s: New test. * binutils-all/debug_str.d: New test control file. * binutils-all/compress.exp: Run debug_str test.
2014-04-30 17:04:04 +01:00 · 2014-04-30 17:04:04 +01:00 · a953eec996
parent 1cfdf5340a
commit a953eec996
6 changed files with 53 additions and 0 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,9 @@
+2014-04-30  Nick Clifton  <nickc@redhat.com>
+
+	* compress.c (bfd_is_section_compressed): When checking the
+	.debug_str section, also check the fifth byte in the section is
+	not part of a string.
+
 2014-04-30  Alan Modra  <amodra@gmail.com>

 	* elf-eh-frame.c (struct cie.personality): Replace val with sym.
--- a/bfd/compress.c
+++ b/bfd/compress.c
@ -24,6 +24,7 @@
 #ifdef HAVE_ZLIB_H
 #include <zlib.h>
 #endif
+#include "safe-ctype.h"

 #ifdef HAVE_ZLIB_H
 static bfd_boolean
@ -303,6 +304,15 @@ bfd_is_section_compressed (bfd *abfd, sec_ptr sec)
  compressed = (bfd_get_section_contents (abfd, sec, compressed_buffer, 0, 12)
 		&& CONST_STRNEQ ((char*) compressed_buffer, "ZLIB"));

+  /* Check for the pathalogical case of a debug string section that
+     contains the string ZLIB.... as the first entry.  We assume that
+     no uncompressed .debug_str section would ever be big enough to
+     have the first byte of its (big-endian) size be non-zero.  */
+  if (compressed
+      && strcmp (sec->name, ".debug_str") == 0
+      && ISPRINT (compressed_buffer[4]))
+    compressed = FALSE;
+
  /* Restore compress_status.  */
  sec->compress_status = saved;
  return compressed;
--- a/binutils/testsuite/ChangeLog
+++ b/binutils/testsuite/ChangeLog
@ -1,3 +1,9 @@
+2014-04-30  Nick Clifton  <nickc@redhat.com>
+
+	* binutils-all/debug_str.s: New test.
+	* binutils-all/debug_str.d: New test control file.
+	* binutils-all/compress.exp: Run debug_str test.
+
 2014-04-22  Christian Svensson  <blue@cmd.nu>

 	* binutils-all/objcopy.exp: Remove openrisc and or32 support.  Add
--- a/binutils/testsuite/binutils-all/compress.exp
+++ b/binutils/testsuite/binutils-all/compress.exp
@ -173,3 +173,13 @@ if ![string match "" $got] then {
 	fail "objcopy ($testname)"
    }
 }
+
+if ![is_remote host] {
+    set tempfile tmpdir/debug_str.o
+    set copyfile tmpdir/debug_str.copy
+} else {
+    set tempfile [remote_download host tmpdir/debug_str.o]
+    set copyfile debug_str.copy
+}
+
+run_dump_test "debug_str"
--- a/binutils/testsuite/binutils-all/debug_str.d
+++ b/binutils/testsuite/binutils-all/debug_str.d
@ -0,0 +1,9 @@
+#PROG: objcopy
+#source: debug_str.s
+#objdump: -h
+#name: Uncompressed .debug_str section starting with ZLIB
+
+.*ebug_str.copy.o:     file format .*
+#...
+  . .debug_str    0+01.  0+0  0+0  0+0..  2..0
+#...
--- a/binutils/testsuite/binutils-all/debug_str.s
+++ b/binutils/testsuite/binutils-all/debug_str.s
@ -0,0 +1,12 @@
+/*      This test is derived from a C source file which, when compiled by gcc
+	with debugging enabled, managed to create a .debug_str section whose
+	first string was ZLIB_VER_SUBVERSION.   The code in bfd/compress.c
+	used to just check for the characters "ZLIB" at the start of a section
+	and then assume that the section was compressed.  This meant that the BFD
+	library then processed the next 8 bytes as if they were the size of the
+	decompressed version of the section.  Naturally with this test case the	
+	resulting size was gigantic and consequently the library quickly ran out
+	of memory.  */
+
+	.section	.debug_str,"MS",@progbits,1
+	.string	"ZLIB_VER_SUBREVISION 0"