From ec9f0c7d4ae257642ee825baa9e23f9ffb000de8 Mon Sep 17 00:00:00 2001
From: Igor Kudrin
Date: Tue, 14 Jul 2020 15:55:31 +0700
Subject: [PATCH] [DebugInfo] Fix a possible crash when reading a malformed .debug_*lists section.

DWARFListTableHeader::length() handles the zero value of HeaderData.Length in a special way, which makes the result different from the calculated value of FullLength, which leads to triggering an assertion. The patch moves the assertion a bit later when `FullLength` is already checked for minimal allowed value.

Differential Revision: https://reviews.llvm.org/D82886
---
 llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp | 2 +-
 llvm/test/DebugInfo/X86/dwarfdump-rnglists-zero-length.s | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 llvm/test/DebugInfo/X86/dwarfdump-rnglists-zero-length.s

diff --git a/llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp b/llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
index 5f5f12a..2124a49 100644
--- a/llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
+++ b/llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
@@ -29,13 +29,13 @@ Error DWARFListTableHeader::extract(DWARFDataExtractor Data,
   uint8_t OffsetByteSize = Format == dwarf::DWARF64 ? 8 : 4;
   uint64_t FullLength =
       HeaderData.Length + dwarf::getUnitLengthFieldByteSize(Format);
-  assert(FullLength == length());
   if (FullLength < getHeaderSize(Format))
     return createStringError(errc::invalid_argument,
                              "%s table at offset 0x%" PRIx64
                              " has too small length (0x%" PRIx64
                              ") to contain a complete header",
                              SectionName.data(), HeaderOffset, FullLength);
+  assert(FullLength == length() && "Inconsistent calculation of length.");
   uint64_t End = HeaderOffset + FullLength;
   if (!Data.isValidOffsetForDataOfSize(HeaderOffset, FullLength))
     return createStringError(errc::invalid_argument,
diff --git a/llvm/test/DebugInfo/X86/dwarfdump-rnglists-zero-length.s b/llvm/test/DebugInfo/X86/dwarfdump-rnglists-zero-length.s
new file mode 100644
index 0000000..05f87a1
--- /dev/null
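Review bot: The relocated assert on the added line relies on the preceding `FullLength < getHeaderSize(Format)` check to filter out the `HeaderData.Length == 0` case that `length()` special-cases (per the commit description), but nothing in the code records that ordering constraint, so a later reorder of these statements could silently reintroduce the debug-build crash on a malformed section. Consider a comment directly above it: `// length() special-cases HeaderData.Length == 0; keep this after the minimal-size check so a malformed table is reported as an error instead of tripping the assert.` In release builds the assert compiles away and the explicit size checks are the only protection against hostile input, which is the right split between invariant and input validation, but that is worth stating so nobody later "strengthens" the assert into the only guard. DWARFListTableHeader::extract starts before and continues past this hunk.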
+++ b/llvm/test/DebugInfo/X86/dwarfdump-rnglists-zero-length.s
@@ -0,0 +1,12 @@
+## The test checks that llvm-dwarfdump can handle a malformed input file without
+## crashing.
+
+# RUN: llvm-mc -triple x86_64 %s -filetype=obj -o %t
+# RUN: not llvm-dwarfdump -debug-rnglists %t 2>&1 | FileCheck %s
+
+# CHECK: error: .debug_rnglists table at offset 0x0 has too small length (0x4) to contain a complete header
+
+## An assertion used to trigger in the debug build of the DebugInfo/DWARF
+## library if the unit length field in a range list table was 0.
+        .section .debug_rnglists,"",@progbits
+        .long 0
-- 
2.7.4
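Review bot: The new test only exercises the DWARF32 form of a zero unit length (`.long 0`, reported as `(0x4)`); the same code path in DWARFListTableHeader::extract is reached for DWARF64 tables, where the length field is an escape value followed by an 8-byte length, and that branch stays uncovered here. A companion input of `.long 0xffffffff` followed by `.quad 0` with its own CHECK line would pin the rejection for both formats and keep the assert's new ordering covered regardless of which format a malformed file uses. The exact reported length for that case is derived from the unit-length field size, so compute it from a run rather than guessing it into the CHECK line.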