Fix a segfault in ctfmerge due to a bug in gcc.

GCC can generate bogus dwarf attributes with DW_AT_byte_size set to 0xFFFFFFFF. The issue was originaly detected in NetBSD but it has been adapted for portability and to avoid compiler warnings. Reference: https://www.illumos.org/issues/3776 Obtained from: NetBSD MFC after: 1 month
author: pfg <pfg@FreeBSD.org> 2013-07-26 00:28:19 +0000
committer: pfg <pfg@FreeBSD.org> 2013-07-26 00:28:19 +0000
commit: 34504eb8a950687bf141e5748ab804c903d3ed3c (patch)
tree: 3835e545a57881bdfab8b9c6b637002224d90e6d /cddl/contrib
parent: 0f2f7957393d210c4606f7096c07a8f0bcebc03c (diff)
download: FreeBSD-src-34504eb8a950687bf141e5748ab804c903d3ed3c.zip
FreeBSD-src-34504eb8a950687bf141e5748ab804c903d3ed3c.tar.gz
4 files changed, 55 insertions, 6 deletions
diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
index 77b4989..c8048c7 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
@@ -52,6 +52,8 @@ static char *curfile;
 #define	CTF_BUF_CHUNK_SIZE	(64 * 1024)
 #define	RES_BUF_CHUNK_SIZE	(64 * 1024)
 
+static int ntypes=0;		/* The number of types. */
+
 struct ctf_buf {
 	strtab_t ctb_strtab;	/* string table */
 	caddr_t ctb_base;	/* pointer to base of buffer */
@@ -1143,6 +1145,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
 					(*mpp)->ml_type = tdarr[ctm->ctm_type];
 					(*mpp)->ml_offset = ctm->ctm_offset;
 					(*mpp)->ml_size = 0;
+					if (ctm->ctm_type > ntypes) {
+						parseterminate("Invalid member type ctm_type=%d",
+						    ctm->ctm_type);
+					}
 				}
 			} else {
 				for (i = 0, mpp = &tdp->t_members; i < vlen;
@@ -1159,6 +1165,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
 					(*mpp)->ml_offset =
 					    (int)CTF_LMEM_OFFSET(ctlm);
 					(*mpp)->ml_size = 0;
+					if (ctlm->ctlm_type > ntypes) {
+						parseterminate("Invalid lmember type ctlm_type=%d",
+						    ctlm->ctlm_type);
+					}
 				}
 			}
 
@@ -1272,9 +1282,10 @@ ctf_parse(ctf_header_t *h, caddr_t buf, symit_data_t *si, char *label)
 {
 	tdata_t *td = tdata_new();
 	tdesc_t **tdarr;
-	int ntypes = count_types(h, buf);
 	int idx, i;
 
+	ntypes = count_types(h, buf);
+
 	/* shudder */
 	tdarr = xcalloc(sizeof (tdesc_t *) * (ntypes + 1));
 	tdarr[0] = NULL;
diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/ctftools.h b/cddl/contrib/opensolaris/tools/ctf/cvt/ctftools.h
index 93a540d..9b2ee3d 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/ctftools.h
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/ctftools.h
@@ -159,7 +159,7 @@ typedef struct ardef {
 /* Auxiliary structure for structure/union tdesc_t */
 typedef struct mlist {
 	int	ml_offset;	/* Offset from start of structure (in bits) */
-	int	ml_size;	/* Member size (in bits) */
+	uint_t	ml_size;	/* Member size (in bits) */
 	char	*ml_name;	/* Member name */
 	struct	tdesc *ml_type;	/* Member type */
 	struct	mlist *ml_next;	/* Next member */
diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c b/cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c
index 19aeff2..c7f785e 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/dwarf.c
@@ -674,6 +674,13 @@ die_array_create(dwarf_t *dw, Dwarf_Die arr, Dwarf_Off off, tdesc_t *tdp)
 		tdesc_t *dimtdp;
 		int flags;
 
+		/* Check for bogus gcc DW_AT_byte_size attribute */
+		if (uval == (unsigned)-1) {
+			printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
+			    __func__);
+			uval = 0;
+		}
+		
 		tdp->t_size = uval;
 
 		/*
@@ -760,6 +767,12 @@ die_enum_create(dwarf_t *dw, Dwarf_Die die, Dwarf_Off off, tdesc_t *tdp)
 	tdp->t_type = ENUM;
 
 	(void) die_unsigned(dw, die, DW_AT_byte_size, &uval, DW_ATTR_REQ);
+	/* Check for bogus gcc DW_AT_byte_size attribute */
+	if (uval == (unsigned)-1) {
+		printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
+		    __func__); 
+		uval = 0;
+	}
 	tdp->t_size = uval;
 
 	if ((mem = die_child(dw, die)) != NULL) {
@@ -873,7 +886,7 @@ static void
 die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
     int type, const char *typename)
 {
-	Dwarf_Unsigned sz, bitsz, bitoff;
+	Dwarf_Unsigned sz, bitsz, bitoff, maxsz=0;
 	Dwarf_Die mem;
 	mlist_t *ml, **mlastp;
 	iidesc_t *ii;
@@ -929,6 +942,8 @@ die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
 			ml->ml_name = NULL;
 
 		ml->ml_type = die_lookup_pass1(dw, mem, DW_AT_type);
+		debug(3, "die_sou_create(): ml_type = %p t_id = %d\n",
+		    ml->ml_type, ml->ml_type->t_id);
 
 		if (die_mem_offset(dw, mem, DW_AT_data_member_location,
 		    &mloff, 0)) {
@@ -956,8 +971,24 @@ die_sou_create(dwarf_t *dw, Dwarf_Die str, Dwarf_Off off, tdesc_t *tdp,
 
 		*mlastp = ml;
 		mlastp = &ml->ml_next;
+
+		/* Find the size of the largest member to work around a gcc
+		 * bug.  See GCC Bugzilla 35998.
+		 */
+		if (maxsz < ml->ml_size)
+			maxsz = ml->ml_size;
+
 	} while ((mem = die_sibling(dw, mem)) != NULL);
 
+	/* See if we got a bogus DW_AT_byte_size.  GCC will sometimes
+	 * emit this.
+	 */
+	if (sz == (unsigned)-1) {
+		 printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
+		     __func__);
+		 tdp->t_size = maxsz / 8;  /* maxsz is in bits, t_size is bytes */
+	}
+
 	/*
 	 * GCC will attempt to eliminate unused types, thus decreasing the
 	 * size of the emitted dwarf.  That is, if you declare a foo_t in your
@@ -1054,7 +1085,7 @@ die_sou_resolve(tdesc_t *tdp, tdesc_t **tdpp __unused, void *private)
 		}
 
 		if (ml->ml_size != 0 && mt->t_type == INTRINSIC &&
-		    mt->t_intr->intr_nbits != ml->ml_size) {
+		    mt->t_intr->intr_nbits != (int)ml->ml_size) {
 			/*
 			 * This member is a bitfield, and needs to reference
 			 * an intrinsic type with the same width.  If the
@@ -1370,6 +1401,13 @@ die_base_create(dwarf_t *dw, Dwarf_Die base, Dwarf_Off off, tdesc_t *tdp)
 	 */
 	(void) die_unsigned(dw, base, DW_AT_byte_size, &sz, DW_ATTR_REQ);
 
+	/* Check for bogus gcc DW_AT_byte_size attribute */
+	if (sz == (unsigned)-1) {
+		printf("dwarf.c:%s() working around bogus -1 DW_AT_byte_size\n",
+		    __func__);
+		sz = 0;
+	}
+
 	if (tdp->t_name == NULL)
 		terminate("die %llu: base type without name\n", off);
 
diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/st_parse.c b/cddl/contrib/opensolaris/tools/ctf/cvt/st_parse.c
index 21a01498..e136c94 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/st_parse.c
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/st_parse.c
@@ -952,7 +952,7 @@ soudef(char *cp, stabtype_t type, tdesc_t **rtdp)
 
 		itdp = find_intrinsic(tdp);
 		if (itdp->t_type == INTRINSIC) {
-			if (mlp->ml_size != itdp->t_intr->intr_nbits) {
+			if ((int)mlp->ml_size != itdp->t_intr->intr_nbits) {
 				parse_debug(4, cp, "making %d bit intrinsic "
 				    "from %s", mlp->ml_size, tdesc_name(itdp));
 				mlp->ml_type = bitintrinsic(itdp, mlp->ml_size);
@@ -1173,7 +1173,7 @@ resolve_typed_bitfields_cb(void *arg, void *private __unused)
 	while (tdp) {
 		switch (tdp->t_type) {
 		case INTRINSIC:
-			if (ml->ml_size != tdp->t_intr->intr_nbits) {
+			if ((int)ml->ml_size != tdp->t_intr->intr_nbits) {
 				debug(3, "making %d bit intrinsic from %s",
 				    ml->ml_size, tdesc_name(tdp));
 				ml->ml_type = bitintrinsic(tdp, ml->ml_size);
author	pfg <pfg@FreeBSD.org>	2013-07-26 00:28:19 +0000
committer	pfg <pfg@FreeBSD.org>	2013-07-26 00:28:19 +0000
commit	34504eb8a950687bf141e5748ab804c903d3ed3c (patch)
tree	3835e545a57881bdfab8b9c6b637002224d90e6d /cddl/contrib
parent	0f2f7957393d210c4606f7096c07a8f0bcebc03c (diff)
download	FreeBSD-src-34504eb8a950687bf141e5748ab804c903d3ed3c.zip FreeBSD-src-34504eb8a950687bf141e5748ab804c903d3ed3c.tar.gz