Bug Summary

File:src/gnu/usr.bin/binutils-2.17/bfd/dwarf1.c
Warning:line 410, column 12
Dereference of null pointer

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name dwarf1.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/gnu/usr.bin/binutils-2.17/obj/bfd -resource-dir /usr/local/lib/clang/13.0.0 -D HAVE_CONFIG_H -I . -I /usr/src/gnu/usr.bin/binutils-2.17/bfd -I . -D NETBSD_CORE -I . -I /usr/src/gnu/usr.bin/binutils-2.17/bfd -I /usr/src/gnu/usr.bin/binutils-2.17/bfd/../include -I /usr/src/gnu/usr.bin/binutils-2.17/bfd/../intl -I ../intl -D PIE_DEFAULT=1 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/gnu/usr.bin/binutils-2.17/obj/bfd -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/gnu/usr.bin/binutils-2.17/bfd/dwarf1.c
1/* DWARF 1 find nearest line (_bfd_dwarf1_find_nearest_line).
2 Copyright 1998, 1999, 2000, 2001, 2002, 2004, 2005
3 Free Software Foundation, Inc.
4
5 Written by Gavin Romig-Koch of Cygnus Solutions (gavin@cygnus.com).
6
7 This file is part of BFD.
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or (at
12 your option) any later version.
13
14 This program is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */
22
23#include "bfd.h"
24#include "sysdep.h"
25#include "libiberty.h"
26#include "libbfd.h"
27#include "elf-bfd.h"
28#include "elf/dwarf.h"
29
30/* dwarf1_debug is the starting point for all dwarf1 info. */
31
32struct dwarf1_debug
33{
34 /* The bfd we are working with. */
35 bfd* abfd;
36
37 /* List of already parsed compilation units. */
38 struct dwarf1_unit* lastUnit;
39
40 /* The buffer for the .debug section.
41 Zero indicates that the .debug section failed to load. */
42 char* debug_section;
43
44 /* Pointer to the end of the .debug_info section memory buffer. */
45 char* debug_section_end;
46
47 /* The buffer for the .line section. */
48 char* line_section;
49
50 /* End of that buffer. */
51 char* line_section_end;
52
53 /* The current or next unread die within the .debug section. */
54 char* currentDie;
55};
56
57/* One dwarf1_unit for each parsed compilation unit die. */
58
59struct dwarf1_unit
60{
61 /* Linked starting from stash->lastUnit. */
62 struct dwarf1_unit* prev;
63
64 /* Name of the compilation unit. */
65 char* name;
66
67 /* The highest and lowest address used in the compilation unit. */
68 unsigned long low_pc;
69 unsigned long high_pc;
70
71 /* Does this unit have a statement list? */
72 int has_stmt_list;
73
74 /* If any, the offset of the line number table in the .line section. */
75 unsigned long stmt_list_offset;
76
77 /* If non-zero, a pointer to the first child of this unit. */
78 char* first_child;
79
80 /* How many line entries? */
81 unsigned long line_count;
82
83 /* The decoded line number table (line_count entries). */
84 struct linenumber* linenumber_table;
85
86 /* The list of functions in this unit. */
87 struct dwarf1_func* func_list;
88};
89
90/* One dwarf1_func for each parsed function die. */
91
92struct dwarf1_func
93{
94 /* Linked starting from aUnit->func_list. */
95 struct dwarf1_func* prev;
96
97 /* Name of function. */
98 char* name;
99
100 /* The highest and lowest address used in the compilation unit. */
101 unsigned long low_pc;
102 unsigned long high_pc;
103};
104
105/* Used to return info about a parsed die. */
106struct die_info
107{
108 unsigned long length;
109 unsigned long sibling;
110 unsigned long low_pc;
111 unsigned long high_pc;
112 unsigned long stmt_list_offset;
113
114 char* name;
115
116 int has_stmt_list;
117
118 unsigned short tag;
119};
120
121/* Parsed line number information. */
122struct linenumber
123{
124 /* First address in the line. */
125 unsigned long addr;
126
127 /* The line number. */
128 unsigned long linenumber;
129};
130
131/* Find the form of an attr, from the attr field. */
132#define FORM_FROM_ATTR(attr)((attr) & 0xF) ((attr) & 0xF) /* Implicitly specified. */
133
134/* Return a newly allocated dwarf1_unit. It should be cleared and
135 then attached into the 'stash' at 'stash->lastUnit'. */
136
137static struct dwarf1_unit*
138alloc_dwarf1_unit (struct dwarf1_debug* stash)
139{
140 bfd_size_type amt = sizeof (struct dwarf1_unit);
141
142 struct dwarf1_unit* x = bfd_zalloc (stash->abfd, amt);
143 x->prev = stash->lastUnit;
144 stash->lastUnit = x;
145
146 return x;
147}
148
149/* Return a newly allocated dwarf1_func. It must be cleared and
150 attached into 'aUnit' at 'aUnit->func_list'. */
151
152static struct dwarf1_func *
153alloc_dwarf1_func (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit)
154{
155 bfd_size_type amt = sizeof (struct dwarf1_func);
156
157 struct dwarf1_func* x = bfd_zalloc (stash->abfd, amt);
158 x->prev = aUnit->func_list;
159 aUnit->func_list = x;
160
161 return x;
162}
163
164/* parse_die - parse a Dwarf1 die.
165 Parse the die starting at 'aDiePtr' into 'aDieInfo'.
166 'abfd' must be the bfd from which the section that 'aDiePtr'
167 points to was pulled from.
168
169 Return FALSE if the die is invalidly formatted; TRUE otherwise. */
170
171static bfd_boolean
172parse_die (bfd * abfd,
173 struct die_info * aDieInfo,
174 char * aDiePtr,
175 char * aDiePtrEnd)
176{
177 char* this_die = aDiePtr;
178 char* xptr = this_die;
179
180 memset (aDieInfo, 0, sizeof (* aDieInfo));
181
182 /* First comes the length. */
183 aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
184 xptr += 4;
185 if (aDieInfo->length == 0
186 || (this_die + aDieInfo->length) >= aDiePtrEnd)
187 return FALSE0;
188 if (aDieInfo->length < 6)
189 {
190 /* Just padding bytes. */
191 aDieInfo->tag = TAG_padding;
192 return TRUE1;
193 }
194
195 /* Then the tag. */
196 aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx16)) ((bfd_byte *) xptr));
197 xptr += 2;
198
199 /* Then the attributes. */
200 while (xptr < (this_die + aDieInfo->length))
201 {
202 unsigned short attr;
203
204 /* Parse the attribute based on its form. This section
205 must handle all dwarf1 forms, but need only handle the
206 actual attributes that we care about. */
207 attr = bfd_get_16 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx16)) ((bfd_byte *) xptr));
208 xptr += 2;
209
210 switch (FORM_FROM_ATTR (attr)((attr) & 0xF))
211 {
212 case FORM_DATA2:
213 xptr += 2;
214 break;
215 case FORM_DATA4:
216 case FORM_REF:
217 if (attr == AT_sibling)
218 aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
219 else if (attr == AT_stmt_list)
220 {
221 aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
222 aDieInfo->has_stmt_list = 1;
223 }
224 xptr += 4;
225 break;
226 case FORM_DATA8:
227 xptr += 8;
228 break;
229 case FORM_ADDR:
230 if (attr == AT_low_pc)
231 aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
232 else if (attr == AT_high_pc)
233 aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
234 xptr += 4;
235 break;
236 case FORM_BLOCK2:
237 xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx16)) ((bfd_byte *) xptr));
238 break;
239 case FORM_BLOCK4:
240 xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr)((*((abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr));
241 break;
242 case FORM_STRING:
243 if (attr == AT_name)
244 aDieInfo->name = xptr;
245 xptr += strlen (xptr) + 1;
246 break;
247 }
248 }
249
250 return TRUE1;
251}
252
253/* Parse a dwarf1 line number table for 'aUnit->stmt_list_offset'
254 into 'aUnit->linenumber_table'. Return FALSE if an error
255 occurs; TRUE otherwise. */
256
257static bfd_boolean
258parse_line_table (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit)
259{
260 char* xptr;
261
262 /* Load the ".line" section from the bfd if we haven't already. */
263 if (stash->line_section == 0)
16
Assuming field 'line_section' is not equal to null
17
Taking false branch
264 {
265 asection *msec;
266 bfd_size_type size;
267
268 msec = bfd_get_section_by_name (stash->abfd, ".line");
269 if (! msec)
270 return FALSE0;
271
272 size = msec->rawsize ? msec->rawsize : msec->size;
273 stash->line_section = bfd_alloc (stash->abfd, size);
274
275 if (! stash->line_section)
276 return FALSE0;
277
278 if (! bfd_get_section_contents (stash->abfd, msec, stash->line_section,
279 0, size))
280 {
281 stash->line_section = 0;
282 return FALSE0;
283 }
284
285 stash->line_section_end = stash->line_section + size;
286 }
287
288 xptr = stash->line_section + aUnit->stmt_list_offset;
289 if (xptr < stash->line_section_end)
18
Assuming 'xptr' is >= field 'line_section_end'
19
Taking false branch
290 {
291 unsigned long eachLine;
292 char *tblend;
293 unsigned long base;
294 bfd_size_type amt;
295
296 /* First comes the length. */
297 tblend = bfd_get_32 (stash->abfd, (bfd_byte *) xptr)((*((stash->abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr
)) + xptr;
298 xptr += 4;
299
300 /* Then the base address for each address in the table. */
301 base = bfd_get_32 (stash->abfd, (bfd_byte *) xptr)((*((stash->abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr
));
302 xptr += 4;
303
304 /* How many line entrys?
305 10 = 4 (line number) + 2 (pos in line) + 4 (address in line). */
306 aUnit->line_count = (tblend - xptr) / 10;
307
308 /* Allocate an array for the entries. */
309 amt = sizeof (struct linenumber) * aUnit->line_count;
310 aUnit->linenumber_table = bfd_alloc (stash->abfd, amt);
311
312 for (eachLine = 0; eachLine < aUnit->line_count; eachLine++)
313 {
314 /* A line number. */
315 aUnit->linenumber_table[eachLine].linenumber
316 = bfd_get_32 (stash->abfd, (bfd_byte *) xptr)((*((stash->abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr
));
317 xptr += 4;
318
319 /* Skip the position within the line. */
320 xptr += 2;
321
322 /* And finally the address. */
323 aUnit->linenumber_table[eachLine].addr
324 = base + bfd_get_32 (stash->abfd, (bfd_byte *) xptr)((*((stash->abfd)->xvec->bfd_getx32)) ((bfd_byte *) xptr
));
325 xptr += 4;
326 }
327 }
328
329 return TRUE1;
20
Returning without writing to 'aUnit->func_list', which participates in a condition later
21
Returning without writing to 'aUnit->linenumber_table'
22
Returning the value 1, which participates in a condition later
330}
331
332/* Parse each function die in a compilation unit 'aUnit'.
333 The first child die of 'aUnit' should be in 'aUnit->first_child',
334 the result is placed in 'aUnit->func_list'.
335 Return FALSE if error; TRUE otherwise. */
336
337static bfd_boolean
338parse_functions_in_unit (struct dwarf1_debug* stash, struct dwarf1_unit* aUnit)
339{
340 char* eachDie;
341
342 if (aUnit->first_child)
343 for (eachDie = aUnit->first_child;
344 eachDie < stash->debug_section_end;
345 )
346 {
347 struct die_info eachDieInfo;
348
349 if (! parse_die (stash->abfd, &eachDieInfo, eachDie,
350 stash->debug_section_end))
351 return FALSE0;
352
353 if (eachDieInfo.tag == TAG_global_subroutine
354 || eachDieInfo.tag == TAG_subroutine
355 || eachDieInfo.tag == TAG_inlined_subroutine
356 || eachDieInfo.tag == TAG_entry_point)
357 {
358 struct dwarf1_func* aFunc = alloc_dwarf1_func (stash,aUnit);
359
360 aFunc->name = eachDieInfo.name;
361 aFunc->low_pc = eachDieInfo.low_pc;
362 aFunc->high_pc = eachDieInfo.high_pc;
363 }
364
365 /* Move to next sibling, if none, end loop */
366 if (eachDieInfo.sibling)
367 eachDie = stash->debug_section + eachDieInfo.sibling;
368 else
369 break;
370 }
371
372 return TRUE1;
373}
374
375/* Find the nearest line to 'addr' in 'aUnit'.
376 Return whether we found the line (or a function) without error. */
377
378static bfd_boolean
379dwarf1_unit_find_nearest_line (struct dwarf1_debug* stash,
380 struct dwarf1_unit* aUnit,
381 unsigned long addr,
382 const char **filename_ptr,
383 const char **functionname_ptr,
384 unsigned int *linenumber_ptr)
385{
386 int line_p = FALSE0;
387 int func_p = FALSE0;
388
389 if (aUnit->low_pc <= addr
9.1
'addr' is >= field 'low_pc'
 && addr
9.2
'addr' is < field 'high_pc'
 < aUnit->high_pc)
10
Taking true branch
390 {
391 if (aUnit->has_stmt_list)
11
Assuming field 'has_stmt_list' is not equal to 0
12
Taking true branch
392 {
393 unsigned long i;
394 struct dwarf1_func* eachFunc;
395
396 if (! aUnit->linenumber_table)
13
Assuming field 'linenumber_table' is null
14
Taking true branch
397 {
398 if (! parse_line_table (stash, aUnit))
15
Calling 'parse_line_table'
23
Returning from 'parse_line_table'
24
Taking false branch
399 return FALSE0;
400 }
401
402 if (! aUnit->func_list)
25
Assuming field 'func_list' is non-null
26
Taking false branch
403 {
404 if (! parse_functions_in_unit (stash, aUnit))
405 return FALSE0;
406 }
407
408 for (i = 0; i < aUnit->line_count; i++)
27
Assuming 'i' is < field 'line_count'
28
Loop condition is true. Entering loop body
409 {
410 if (aUnit->linenumber_table[i].addr <= addr
29
Dereference of null pointer
411 && addr < aUnit->linenumber_table[i+1].addr)
412 {
413 *filename_ptr = aUnit->name;
414 *linenumber_ptr = aUnit->linenumber_table[i].linenumber;
415 line_p = TRUE1;
416 break;
417 }
418 }
419
420 for (eachFunc = aUnit->func_list;
421 eachFunc;
422 eachFunc = eachFunc->prev)
423 {
424 if (eachFunc->low_pc <= addr
425 && addr < eachFunc->high_pc)
426 {
427 *functionname_ptr = eachFunc->name;
428 func_p = TRUE1;
429 break;
430 }
431 }
432 }
433 }
434
435 return line_p || func_p;
436}
437
438/* The DWARF 1 version of find_nearest line.
439 Return TRUE if the line is found without error. */
440
441bfd_boolean
442_bfd_dwarf1_find_nearest_line (bfd *abfd,
443 asection *section,
444 asymbol **symbols ATTRIBUTE_UNUSED__attribute__ ((__unused__)),
445 bfd_vma offset,
446 const char **filename_ptr,
447 const char **functionname_ptr,
448 unsigned int *linenumber_ptr)
449{
450 struct dwarf1_debug *stash = elf_tdata (abfd)((abfd) -> tdata.elf_obj_data)->dwarf1_find_line_info;
451
452 struct dwarf1_unit* eachUnit;
453
454 /* What address are we looking for? */
455 unsigned long addr = (unsigned long)(offset + section->vma);
456
457 *filename_ptr = NULL((void*)0);
458 *functionname_ptr = NULL((void*)0);
459 *linenumber_ptr = 0;
460
461 if (! stash)
1
Assuming 'stash' is non-null
2
Taking false branch
462 {
463 asection *msec;
464 bfd_size_type size = sizeof (struct dwarf1_debug);
465
466 stash = elf_tdata (abfd)((abfd) -> tdata.elf_obj_data)->dwarf1_find_line_info
467 = bfd_zalloc (abfd, size);
468
469 if (! stash)
470 return FALSE0;
471
472 msec = bfd_get_section_by_name (abfd, ".debug");
473 if (! msec)
474 /* No dwarf1 info. Note that at this point the stash
475 has been allocated, but contains zeros, this lets
476 future calls to this function fail quicker. */
477 return FALSE0;
478
479 size = msec->rawsize ? msec->rawsize : msec->size;
480 stash->debug_section = bfd_alloc (abfd, size);
481
482 if (! stash->debug_section)
483 return FALSE0;
484
485 if (! bfd_get_section_contents (abfd, msec, stash->debug_section,
486 0, size))
487 {
488 stash->debug_section = 0;
489 return FALSE0;
490 }
491
492 stash->debug_section_end = stash->debug_section + size;
493 stash->currentDie = stash->debug_section;
494 stash->abfd = abfd;
495 }
496
497 /* A null debug_section indicates that there was no dwarf1 info
498 or that an error occured while setting up the stash. */
499
500 if (! stash->debug_section)
3
Assuming field 'debug_section' is non-null
4
Taking false branch
501 return FALSE0;
502
503 /* Look at the previously parsed units to see if any contain
504 the addr. */
505 for (eachUnit = stash->lastUnit; eachUnit; eachUnit = eachUnit->prev)
5
Loop condition is true. Entering loop body
506 if (eachUnit->low_pc <= addr && addr < eachUnit->high_pc)
6
Assuming 'addr' is >= field 'low_pc'
7
Assuming 'addr' is < field 'high_pc'
8
Taking true branch
507 return dwarf1_unit_find_nearest_line (stash, eachUnit, addr,
9
Calling 'dwarf1_unit_find_nearest_line'
508 filename_ptr,
509 functionname_ptr,
510 linenumber_ptr);
511
512 while (stash->currentDie < stash->debug_section_end)
513 {
514 struct die_info aDieInfo;
515
516 if (! parse_die (stash->abfd, &aDieInfo, stash->currentDie,
517 stash->debug_section_end))
518 return FALSE0;
519
520 if (aDieInfo.tag == TAG_compile_unit)
521 {
522 struct dwarf1_unit* aUnit
523 = alloc_dwarf1_unit (stash);
524
525 aUnit->name = aDieInfo.name;
526 aUnit->low_pc = aDieInfo.low_pc;
527 aUnit->high_pc = aDieInfo.high_pc;
528 aUnit->has_stmt_list = aDieInfo.has_stmt_list;
529 aUnit->stmt_list_offset = aDieInfo.stmt_list_offset;
530
531 /* A die has a child if it's followed by a die that is
532 not it's sibling. */
533 if (aDieInfo.sibling
534 && stash->currentDie + aDieInfo.length
535 < stash->debug_section_end
536 && stash->currentDie + aDieInfo.length
537 != stash->debug_section + aDieInfo.sibling)
538 aUnit->first_child = stash->currentDie + aDieInfo.length;
539 else
540 aUnit->first_child = 0;
541
542 if (aUnit->low_pc <= addr && addr < aUnit->high_pc)
543 return dwarf1_unit_find_nearest_line (stash, aUnit, addr,
544 filename_ptr,
545 functionname_ptr,
546 linenumber_ptr);
547 }
548
549 if (aDieInfo.sibling != 0)
550 stash->currentDie = stash->debug_section + aDieInfo.sibling;
551 else
552 stash->currentDie += aDieInfo.length;
553 }
554
555 return FALSE0;
556}