From: Joel Brobecker <brobecker@adacore.com>
Date: Fri, 9 Oct 2015 21:16:45 +0000 (-0700)
Subject: [Ada] ada_unpack_from_contents: Error if target buffer not large enough
X-Git-Tag: users/ARM/embedded-binutils-2_26-branch-2016q1~472
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5b639deae123db13af61e915807c0a1ab224e246;p=external%2Fbinutils.git

[Ada] ada_unpack_from_contents: Error if target buffer not large enough

This adds a guard that the size of the "unpacked" buffer is large enough
to contain at least BIT_SIZE bits.  If not, report an error.  This is to
guard this routine from doing buffer overflows when called incorrectly.

gdb/ChangeLog:

        * ada-lang.c (ada_unpack_from_contents): Add guard that unpacked
        is large enough for BIT_SIZE.  Update function comment.
---

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 45e04ae..578aeb8 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,5 +1,10 @@
 2015-10-09  Joel Brobecker  <brobecker@adacore.com>
 
+	* ada-lang.c (ada_unpack_from_contents): Add guard that unpacked
+	is large enough for BIT_SIZE.  Update function comment.
+
+2015-10-09  Joel Brobecker  <brobecker@adacore.com>
+
 	* ada-lang.c (ada_value_primitive_packed_val): Move
 	src_len variable to local block where used.  Override
 	BIT_SIZE if bigger than size of resolved type.
diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
index b7440e2..97f0c49 100644
--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
@@ -2383,9 +2383,12 @@ has_negatives (struct type *type)
 }
 
 /* With SRC being a buffer containing BIT_SIZE bits of data at BIT_OFFSET,
-   unpack that data into UNPACKED. UNPACKED_LEN is the size in bytes of
+   unpack that data into UNPACKED.  UNPACKED_LEN is the size in bytes of
    the unpacked buffer.
 
+   The size of the unpacked buffer (UNPACKED_LEN) is expected to be large
+   enough to contain at least BIT_OFFSET bits.  If not, an error is raised.
+
    IS_BIG_ENDIAN is nonzero if the data is stored in big endian mode,
    zero otherwise.
 
@@ -2417,6 +2420,12 @@ ada_unpack_from_contents (const gdb_byte *src, int bit_offset, int bit_size,
      the indices move.  */
   int delta = is_big_endian ? -1 : 1;
 
+  /* Make sure that unpacked is large enough to receive the BIT_SIZE
+     bits from SRC.  .*/
+  if ((bit_size + HOST_CHAR_BIT - 1) / HOST_CHAR_BIT > unpacked_len)
+    error (_("Cannot unpack %d bits into buffer of %d bytes"),
+	   bit_size, unpacked_len);
+
   srcBitsLeft = bit_size;
   src_bytes_left = src_len;
   unpacked_bytes_left = unpacked_len;