libdw: dwarf_peel_type break long chains/cycles.

Limit the number of chained modifiers to 64 (that is 8 chains for all
8 modifiers, most of which cannot be chained). This prevents loops in
the DWARF DIE DW_AT_type references.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 1e41e72aeef4e56bb22529a1431816d6a3efe565..2f7ac2cdac39db434bb4adfa53fdef3a5e4e0aee 100644 (file)
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,7 @@
+2018-06-18  Mark Wielaard  <mark@klomp.org>
+
+       * dwarf_peel_type.c (dwarf_peel_type): Limit modifier chain to 64.
+
 2018-06-18  Mark Wielaard  <mark@klomp.org>
 
        * dwarf_aggregate_size.c (aggregate_size): Check die is not NULL.

diff --git a/libdw/dwarf_peel_type.c b/libdw/dwarf_peel_type.c
index 6bbfd42407c6995b36195517ac9abbc019928f08..59fc6f1500ed1e07d2ed99c355c91ff28f1b5518 100644 (file)
--- a/libdw/dwarf_peel_type.c
+++ b/libdw/dwarf_peel_type.c
@@ -46,14 +46,19 @@ dwarf_peel_type (Dwarf_Die *die, Dwarf_Die *result)
 
   *result = *die;
   tag = INTUSE (dwarf_tag) (result);
-  while (tag == DW_TAG_typedef
-        || tag == DW_TAG_const_type
-        || tag == DW_TAG_volatile_type
-        || tag == DW_TAG_restrict_type
-        || tag == DW_TAG_atomic_type
-        || tag == DW_TAG_immutable_type
-        || tag == DW_TAG_packed_type
-        || tag == DW_TAG_shared_type)
+
+/* Stack 8 of all these modifiers, after that it gets silly.  */
+#define MAX_DEPTH (8 * 8)
+  int max_depth = MAX_DEPTH;
+  while ((tag == DW_TAG_typedef
+         || tag == DW_TAG_const_type
+         || tag == DW_TAG_volatile_type
+         || tag == DW_TAG_restrict_type
+         || tag == DW_TAG_atomic_type
+         || tag == DW_TAG_immutable_type
+         || tag == DW_TAG_packed_type
+         || tag == DW_TAG_shared_type)
+       && max_depth-- > 0)
     {
       Dwarf_Attribute attr_mem;
       Dwarf_Attribute *attr = INTUSE (dwarf_attr_integrate) (result, DW_AT_type,
@@ -67,7 +72,7 @@ dwarf_peel_type (Dwarf_Die *die, Dwarf_Die *result)
       tag = INTUSE (dwarf_tag) (result);
     }
 
-  if (tag == DW_TAG_invalid)
+  if (tag == DW_TAG_invalid || max_depth <= 0)
     return -1;
 
   return 0;