Use int instead of LONGEST in tdesc_type sizes.

gdb/ChangeLog:

	* target-descriptions.c (struct tdesc_type) <u.u.size>: Change type
	from LONGEST to int.
	(struct tdesc_type) <u.f.size>: Ditto.
	(tdesc_set_struct_size): Change type of "size" arg from LONGEST
	to int.  Add assertion size > 0.
	(tdesc_create_flags): Ditto.
	* target-descriptions.h (tdesc_set_struct_size): Update.
	(tdesc_create_flags): Update.
	* xml-tdesc.c (MAX_FIELD_SIZE, MAX_FIELD_BITSIZE): New macros.
	(MAX_VECTOR_SIZE): New macro.
	(tdesc_start_struct): Catch conversion errors from LONGEST to int.
	(tdesc_start_flags, tdesc_start_field, tdesc_start_vector): Ditto.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index a6d59c0..1d59888 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,5 +1,20 @@
 2016-03-15  Doug Evans  <dje@google.com>
 
+       * target-descriptions.c (struct tdesc_type) <u.u.size>: Change type
+       from LONGEST to int.
+       (struct tdesc_type) <u.f.size>: Ditto.
+       (tdesc_set_struct_size): Change type of "size" arg from LONGEST
+       to int.  Add assertion size > 0.
+       (tdesc_create_flags): Ditto.
+       * target-descriptions.h (tdesc_set_struct_size): Update.
+       (tdesc_create_flags): Update.
+       * xml-tdesc.c (MAX_FIELD_SIZE, MAX_FIELD_BITSIZE): New macros.
+       (MAX_VECTOR_SIZE): New macro.
+       (tdesc_start_struct): Catch conversion errors from LONGEST to int.
+       (tdesc_start_flags, tdesc_start_field, tdesc_start_vector): Ditto.
+
+2016-03-15  Doug Evans  <dje@google.com>
+
        * target-descriptions.c (maint_print_c_tdesc_cmd): Use "type" for
        TYPE_CODE_FLAGS instead of "field_type", for consistency.
        * features/i386/amd64-avx-linux.c: Regenerate.

diff --git a/gdb/target-descriptions.c b/gdb/target-descriptions.c
index 5ba167f..ac6e3a2 100644 (file)
--- a/gdb/target-descriptions.c
+++ b/gdb/target-descriptions.c
@@ -150,14 +150,14 @@ typedef struct tdesc_type
     struct
     {
       VEC(tdesc_type_field) *fields;
-      LONGEST size;
+      int size;
     } u;
 
     /* Flags type.  */
     struct
     {
       VEC(tdesc_type_flag) *flags;
-      LONGEST size;
+      int size;
     } f;
   } u;
 } *tdesc_type_p;
@@ -1340,9 +1340,10 @@ tdesc_create_struct (struct tdesc_feature *feature, const char *name)
    suffice.  */
 
 void
-tdesc_set_struct_size (struct tdesc_type *type, LONGEST size)
+tdesc_set_struct_size (struct tdesc_type *type, int size)
 {
   gdb_assert (type->kind == TDESC_TYPE_STRUCT);
+  gdb_assert (size > 0);
   type->u.u.size = size;
 }
 
@@ -1360,10 +1361,12 @@ tdesc_create_union (struct tdesc_feature *feature, const char *name)
 
 struct tdesc_type *
 tdesc_create_flags (struct tdesc_feature *feature, const char *name,
-                   LONGEST size)
+                   int size)
 {
   struct tdesc_type *type = XCNEW (struct tdesc_type);
 
+  gdb_assert (size > 0);
+
   type->name = xstrdup (name);
   type->kind = TDESC_TYPE_FLAGS;
   type->u.f.size = size;

diff --git a/gdb/target-descriptions.h b/gdb/target-descriptions.h
index 43f92ea..f777a92 100644 (file)
--- a/gdb/target-descriptions.h
+++ b/gdb/target-descriptions.h
@@ -229,12 +229,12 @@ struct tdesc_type *tdesc_create_vector (struct tdesc_feature *feature,
                                        int count);
 struct tdesc_type *tdesc_create_struct (struct tdesc_feature *feature,
                                        const char *name);
-void tdesc_set_struct_size (struct tdesc_type *type, LONGEST size);
+void tdesc_set_struct_size (struct tdesc_type *type, int size);
 struct tdesc_type *tdesc_create_union (struct tdesc_feature *feature,
                                       const char *name);
 struct tdesc_type *tdesc_create_flags (struct tdesc_feature *feature,
                                       const char *name,
-                                      LONGEST size);
+                                      int size);
 void tdesc_add_field (struct tdesc_type *type, const char *field_name,
                      struct tdesc_type *field_type);
 void tdesc_add_bitfield (struct tdesc_type *type, const char *field_name,

diff --git a/gdb/xml-tdesc.c b/gdb/xml-tdesc.c
index b5439e5..adfe9fd 100644 (file)
--- a/gdb/xml-tdesc.c
+++ b/gdb/xml-tdesc.c
@@ -25,9 +25,14 @@
 #include "xml-support.h"
 #include "xml-tdesc.h"
 #include "osabi.h"
-
 #include "filenames.h"
 
+/* Maximum sizes.
+   This is just to catch obviously wrong values.  */
+#define MAX_FIELD_SIZE 65536
+#define MAX_FIELD_BITSIZE (MAX_FIELD_SIZE * TARGET_CHAR_BIT)
+#define MAX_VECTOR_SIZE 65536
+
 #if !defined(HAVE_LIBEXPAT)
 
 /* Parse DOCUMENT into a target description.  Or don't, since we don't have
@@ -259,8 +264,14 @@ tdesc_start_struct (struct gdb_xml_parser *parser,
   attr = xml_find_attribute (attributes, "size");
   if (attr != NULL)
     {
-      int size = (int) * (ULONGEST *) attr->value;
+      ULONGEST size = * (ULONGEST *) attr->value;
 
+      if (size > MAX_FIELD_SIZE)
+       {
+         gdb_xml_error (parser,
+                        _("Struct size %s is larger than maximum (%d)"),
+                        pulongest (size), MAX_FIELD_SIZE);
+       }
       tdesc_set_struct_size (type, size);
       data->current_type_size = size;
     }
@@ -273,11 +284,17 @@ tdesc_start_flags (struct gdb_xml_parser *parser,
 {
   struct tdesc_parsing_data *data = (struct tdesc_parsing_data *) user_data;
   char *id = (char *) xml_find_attribute (attributes, "id")->value;
-  int length = (int) * (ULONGEST *)
+  ULONGEST size = * (ULONGEST *)
     xml_find_attribute (attributes, "size")->value;
   struct tdesc_type *type;
 
-  type = tdesc_create_flags (data->current_feature, id, length);
+  if (size > MAX_FIELD_SIZE)
+    {
+      gdb_xml_error (parser,
+                    _("Flags size %s is larger than maximum (%d)"),
+                    pulongest (size), MAX_FIELD_SIZE);
+    }
+  type = tdesc_create_flags (data->current_feature, id, size);
 
   data->current_type = type;
   data->current_type_size = 0;
@@ -308,13 +325,33 @@ tdesc_start_field (struct gdb_xml_parser *parser,
 
   attr = xml_find_attribute (attributes, "start");
   if (attr != NULL)
-    start = * (ULONGEST *) attr->value;
+    {
+      ULONGEST ul_start = * (ULONGEST *) attr->value;
+
+      if (ul_start > MAX_FIELD_BITSIZE)
+       {
+         gdb_xml_error (parser,
+                        _("Field start %s is larger than maximum (%d)"),
+                        pulongest (ul_start), MAX_FIELD_BITSIZE);
+       }
+      start = ul_start;
+    }
   else
     start = -1;
 
   attr = xml_find_attribute (attributes, "end");
   if (attr != NULL)
-    end = * (ULONGEST *) attr->value;
+    {
+      ULONGEST ul_end = * (ULONGEST *) attr->value;
+
+      if (ul_end > MAX_FIELD_BITSIZE)
+       {
+         gdb_xml_error (parser,
+                        _("Field end %s is larger than maximum (%d)"),
+                        pulongest (ul_end), MAX_FIELD_BITSIZE);
+       }
+      end = ul_end;
+    }
   else
     end = -1;
 
@@ -389,12 +426,19 @@ tdesc_start_vector (struct gdb_xml_parser *parser,
   struct gdb_xml_value *attrs = VEC_address (gdb_xml_value_s, attributes);
   struct tdesc_type *field_type;
   char *id, *field_type_id;
-  int count;
+  ULONGEST count;
 
   id = (char *) attrs[0].value;
   field_type_id = (char *) attrs[1].value;
   count = * (ULONGEST *) attrs[2].value;
 
+  if (count > MAX_VECTOR_SIZE)
+    {
+      gdb_xml_error (parser,
+                    _("Vector size %s is larger than maximum (%d)"),
+                    pulongest (count), MAX_VECTOR_SIZE);
+    }
+
   field_type = tdesc_named_type (data->current_feature, field_type_id);
   if (field_type == NULL)
     gdb_xml_error (parser, _("Vector \"%s\" references undefined type \"%s\""),