From patchwork Tue Oct 10 11:46:16 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 150690
Date: Tue, 10 Oct 2023 22:16:16 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: asan: null dereference in read_and_display_attr_value

This fixes multiple places in read_and_display_attr_value dealing with range and location lists that can segfault when debug_info_p is NULL. Fuzzed object files can contain arbitrary DW_FORMs.

	* dwarf.c (read_and_display_attr_value): Don't dereference NULL debug_info_p.

diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 7a350cae50b..646f280bdeb 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2704,7 +2704,9 @@ read_and_display_attr_value (unsigned long attribute, if (form == DW_FORM_loclistx) { - if (dwo) + if (debug_info_p == NULL ) + idx = (uint64_t) -1; + else if (dwo) { idx = fetch_indexed_offset (uvalue, loclists_dwo, debug_info_p->loclists_base, @@ -2712,7 +2714,7 @@ read_and_display_attr_value (unsigned long attribute, if (idx != (uint64_t) -1) idx += (offset_size == 8) ? 20 : 12; } - else if (debug_info_p == NULL || dwarf_version > 4) + else if (dwarf_version > 4) { idx = fetch_indexed_offset (uvalue, loclists, debug_info_p->loclists_base, 
@@ -2737,21 +2739,12 @@ read_and_display_attr_value (unsigned long attribute, } else if (form == DW_FORM_rnglistx) { - if (dwo) - { - idx = fetch_indexed_offset (uvalue, rnglists, - debug_info_p->rnglists_base, - debug_info_p->offset_size); - } + if (debug_info_p == NULL) + idx = (uint64_t) -1; else - { - if (debug_info_p == NULL) - base = 0; - else - base = debug_info_p->rnglists_base; - idx = fetch_indexed_offset (uvalue, rnglists, base, - debug_info_p->offset_size); - } + idx = fetch_indexed_offset (uvalue, rnglists, + debug_info_p->rnglists_base, + debug_info_p->offset_size); } else {
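Review bot: stray space before the closing parenthesis in `+ if (debug_info_p == NULL )` in the first DW_FORM_loclistx hunk; GNU style is `if (debug_info_p == NULL)`, which is also how the DW_FORM_rnglistx hunk writes it. Setting `idx = (uint64_t) -1` for the NULL case reuses the failure sentinel already tested by `if (idx != (uint64_t) -1)` further down, so the existing error path handles it; a one-line comment on the new assignment saying that it deliberately routes into that path would save the next reader from checking.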
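Review bot: the removed `else if (debug_info_p == NULL || dwarf_version > 4)` in the second loclistx hunk is where the reported null dereference sat: a NULL debug_info_p took this branch and was immediately dereferenced in `debug_info_p->loclists_base`. The simplified `+ else if (dwarf_version > 4)` is only safe because the NULL test was hoisted to the top of the DW_FORM_loclistx block in the preceding hunk; if that ordering is ever disturbed, this branch regains the bug, so a short comment at the `else if` noting that debug_info_p is known non-NULL here would make the dependency explicit.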
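Review bot: with the `base = 0;` and `base = debug_info_p->rnglists_base;` lines removed from the DW_FORM_rnglistx hunk, `base` has no remaining use in this region; if it is not used elsewhere in read_and_display_attr_value, its declaration should go too, otherwise the build picks up an unused-variable warning. Note also that the old non-dwo path set `base = 0` for a NULL debug_info_p but still read `debug_info_p->offset_size` in the same call, which is the crash the commit message describes, so the NULL guard is needed regardless of base. Collapsing the dwo and non-dwo branches into the single `fetch_indexed_offset (uvalue, rnglists, debug_info_p->rnglists_base, debug_info_p->offset_size)` is fine, since both removed branches passed exactly those arguments.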