/*
Copyright (C) 2000,2004 Silicon Graphics, Inc. All Rights Reserved.
Portions Copyright 2011-2020 David Anderson. All Rights Reserved.
This program is free software; you can redistribute it
and/or modify it under the terms of version 2.1 of the
GNU Lesser General Public License as published by the Free
Software Foundation.
This program is distributed in the hope that it would be
useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
Further, this software is distributed without any warranty
that it is free of the rightful claim of any third person
regarding infringement or the like. Any license provided
herein, whether implied or otherwise, applies only to this
software file. Patent licenses, if any, provided herein
do not apply to combinations of this program with other
software, or any other product whatsoever.
You should have received a copy of the GNU Lesser General
Public License along with this program; if not, write the
Free Software Foundation, Inc., 51 Franklin Street - Fifth
Floor, Boston MA 02110-1301, USA.
*/
#include <config.h>
#include <stddef.h> /* size_t */
#if defined(_WIN32) && defined(HAVE_STDAFX_H)
#include "stdafx.h"
#endif /* HAVE_STDAFX_H */
#include "dwarf.h"
#include "libdwarf.h"
#include "libdwarf_private.h"
#include "dwarf_base_types.h"
#include "dwarf_opaque.h"
#include "dwarf_error.h"
#include "dwarf_util.h"
#define MORE_BYTES 0x80
#define DATA_MASK 0x7f
#define DIGIT_WIDTH 7
#define SIGN_BIT 0x40
/* Note that with 'make check')
many of the test items
only make sense if Dwarf_Unsigned (and Dwarf_Signed)
are 64 bits. The encode/decode logic should
be fine whether those types are 64 or 32 bits.
See runtests.sh */
/* The encode/decode functions here are public */
/* 10 bytes of leb, 7 bits each part of the number, gives
room for a 64bit number.
While any number of leading zeroes would be legal, so
no max is really truly required here, why would a
compiler generate leading zeros (for unsigned leb)?
That would seem strange except in rare circumstances
a compiler may want, for overall alignment, to
add extra bytes..
So we allow more than 10 as it is legal for a compiler to
generate an leb with correct but useless trailing
zero bytes (note the interaction with sign in the signed case).
The value of BYTESLEBMAX is arbitrary but allows catching
corrupt data in a short time.
Before April 2021 BYTESLEBMAX was 10 as it was assumed
there were no 'useless' 0x80 high-order bytes in an LEB.
(0x80 meaning the 7 bits 'value' is zero)
However in DWARF6 (and at least one compiler before
DWARF6) a few high order bytes are allowed as padding.
*/
#define BYTESLEBMAX 24
#define BITSPERBYTE 8
/* When an leb value needs to reveal its length,
but the value is not needed */
int
_dwarf_skip_leb128(char * leb128,
Dwarf_Unsigned * leb128_length,
char * endptr)
{
unsigned byte = 0;
/* The byte_length value will be a small non-negative integer. */
unsigned byte_length = 1;
if (leb128 >=endptr) {
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
if ((byte & 0x80) == 0) {
*leb128_length = 1;
return DW_DLV_OK;
} else {
unsigned byte2 = 0;
if ((leb128+1) >=endptr) {
return DW_DLV_ERROR;
}
byte2 = *(unsigned char *)(leb128 + 1);
if ((byte2 & 0x80) == 0) {
*leb128_length = 2;
return DW_DLV_OK;
}
/* Gets messy to hand-inline more byte checking.
One or two byte leb is very frequent. */
}
++byte_length;
++leb128;
/* Validity of leb128+1 checked above */
for (;;byte_length++,leb128++) {
if (leb128 >= endptr) {
/* Off end of available space. */
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
if (byte & 0x80) {
if (byte_length >= BYTESLEBMAX) {
/* Too long. Not sane length. */
return DW_DLV_ERROR;
}
continue;
}
break;
}
*leb128_length = byte_length;
return DW_DLV_OK;
}
/* Decode ULEB with checking.
Casting leb128 to (unsigned char *) as
the signedness of char * is unpredictable in C */
int
dwarf_decode_leb128(char * leb128,
Dwarf_Unsigned * leb128_length,
Dwarf_Unsigned *outval,
char * endptr)
{
unsigned long byte = 0;
Dwarf_Unsigned word_number = 0;
Dwarf_Unsigned number = 0;
unsigned long shift = 0; /* at least 32 bits, even Win32 */
/* The byte_length value will be a small non-negative integer. */
unsigned int byte_length = 0;
if (leb128 >=endptr) {
return DW_DLV_ERROR;
}
/* The following unrolls-the-loop for the first two bytes and
unpacks into 32 bits to make this as fast as possible.
word_number is assumed big enough that the shift has a defined
result. */
byte = *(unsigned char *)leb128;
if ((byte & 0x80) == 0) {
if (leb128_length) {
*leb128_length = 1;
}
if (outval) {
*outval = byte;
}
return DW_DLV_OK;
} else {
unsigned long byte2 = 0;
if ((leb128+1) >=endptr) {
return DW_DLV_ERROR;
}
byte2 = *(unsigned char *)(leb128 + 1);
if ((byte2 & 0x80) == 0) {
if (leb128_length) {
*leb128_length = 2;
}
word_number = byte & 0x7f;
word_number |= (byte2 & 0x7f) << 7;
if (outval) {
*outval = word_number;
}
return DW_DLV_OK;
}
/* Gets messy to hand-inline more byte checking. */
}
/* The rest handles long numbers. Because the 'number'
may be larger than the default int/unsigned,
we must cast the 'byte' before
the shift for the shift to have a defined result. */
number = 0;
shift = 0;
byte_length = 1;
for (;;) {
unsigned int b = byte & 0x7f;
if (shift >= (sizeof(number)*BITSPERBYTE)) {
/* Shift is large. Maybe corrupt value,
maybe some padding high-end byte zeroes
that we can ignore. */
if (!b) {
if (byte_length >= BYTESLEBMAX) {
/* Erroneous input. */
if (leb128_length) {
*leb128_length = BYTESLEBMAX;
}
return DW_DLV_ERROR;
}
++leb128;
/* shift cannot overflow as
BYTESLEBMAX is not a large value */
shift += 7;
if (leb128 >=endptr ) {
if (leb128 == endptr && !byte) {
/* Meaning zero bits a padding byte */
if (leb128_length) {
*leb128_length = byte_length;
}
if (outval) {
*outval = number;
}
return DW_DLV_OK;
}
return DW_DLV_ERROR;
}
++byte_length;
byte = *(unsigned char *)leb128;
continue;
}
/* Too big, corrupt data given the non-zero
byte content */
return DW_DLV_ERROR;
}
number |= ((Dwarf_Unsigned)b << shift);
if ((byte & 0x80) == 0) {
if (leb128_length) {
*leb128_length = byte_length;
}
if (outval) {
*outval = number;
}
return DW_DLV_OK;
}
shift += 7;
byte_length++;
if (byte_length > BYTESLEBMAX) {
/* Erroneous input. */
if (leb128_length) {
*leb128_length = BYTESLEBMAX;
}
break;
}
++leb128;
if (leb128 >= endptr) {
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
}
return DW_DLV_ERROR;
}
/* Decode SLEB with checking
Casting leb128 to (unsigned char *) as
the signedness of char * is unpredictable
in C */
int
dwarf_decode_signed_leb128(char * leb128,
Dwarf_Unsigned * leb128_length,
Dwarf_Signed *outval,char * endptr)
{
Dwarf_Unsigned byte = 0;
unsigned int b = 0;
Dwarf_Signed number = 0;
unsigned long shift = 0;
int sign = FALSE;
/* The byte_length value will be a small non-negative integer. */
unsigned int byte_length = 1;
/* byte_length being the number of bytes
of data absorbed so far in
turning the leb into a Dwarf_Signed. */
if (!outval) {
return DW_DLV_ERROR;
}
if (leb128 >= endptr) {
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
for (;;) {
b = byte & 0x7f;
if (shift >= (sizeof(number)*BITSPERBYTE)) {
/* Shift is large. Maybe corrupt value,
maybe some padding high-end byte zeroes
that we can ignore (but notice sign bit
from the last usable byte). */
sign = b & 0x40;
if (!byte || byte == 0x40) {
/* The value is complete. */
break;
}
if (b == 0) {
++byte_length;
if (byte_length > BYTESLEBMAX) {
/* Erroneous input. */
if (leb128_length) {
*leb128_length = BYTESLEBMAX;
}
return DW_DLV_ERROR;
}
++leb128;
/* shift cannot overflow as
BYTESLEBMAX is not a large value */
shift += 7;
if (leb128 >= endptr) {
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
continue;
}
/* Too big, corrupt data given the non-zero
byte content */
return DW_DLV_ERROR;
}
/* This bit of the last byte indicates sign */
sign = b & 0x40;
number |= ((Dwarf_Unsigned)b) << shift;
shift += 7;
if ((byte & 0x80) == 0) {
break;
}
++leb128;
if (leb128 >= endptr) {
return DW_DLV_ERROR;
}
byte = *(unsigned char *)leb128;
byte_length++;
if (byte_length > BYTESLEBMAX) {
/* Erroneous input. */
if (leb128_length) {
*leb128_length = BYTESLEBMAX;
}
return DW_DLV_ERROR;
}
}
if (sign) {
/* The following avoids undefined behavior. */
unsigned int shiftlim = sizeof(Dwarf_Signed) * BITSPERBYTE -1;
if (shift < shiftlim) {
Dwarf_Signed y = (Dwarf_Signed)
(((Dwarf_Unsigned)1) << shift);
Dwarf_Signed x = -y;
number |= x;
} else if (shift == shiftlim) {
Dwarf_Signed x= (((Dwarf_Unsigned)1) << shift);
number |= x;
} else {
/* trailing zeroes case */
Dwarf_Signed x= (((Dwarf_Unsigned)1) << shiftlim);
number |= x;
}
}
if (leb128_length) {
*leb128_length = byte_length;
}
*outval = number;
return DW_DLV_OK;
}
/* Encode val as a uleb128. This encodes it as an unsigned
number.
Return DW_DLV_ERROR or DW_DLV_OK.
space to write leb number is provided by caller, with caller
passing length.
number of bytes used returned thru nbytes arg.
This never emits padding, it emits the minimum
number of bytes that can hold the value. */
int dwarf_encode_leb128(Dwarf_Unsigned val, int *nbytes,
char *space, int splen)
{
char *a;
char *end = space + splen;
a = space;
do {
unsigned char uc;
if (a >= end) {
return DW_DLV_ERROR;
}
uc = val & DATA_MASK;
val >>= DIGIT_WIDTH;
if (val != 0) {
uc |= MORE_BYTES;
}
*a = uc;
a++;
} while (val);
*nbytes = (int)(a - space);
return DW_DLV_OK;
}
/* This never emits padding at the end, so it
says nothing about what such would look like
for a negative value. */
int dwarf_encode_signed_leb128(Dwarf_Signed value, int *nbytes,
char *space, int splen)
{
char *str;
Dwarf_Signed sign = -(value < 0);
int more = 1;
char *end = space + splen;
str = space;
do {
unsigned char byte = value & DATA_MASK;
value >>= DIGIT_WIDTH;
if (str >= end) {
return DW_DLV_ERROR;
}
/* Remaining chunks would just contain the sign
bit, and this chunk
has already captured at least one sign bit. */
if (value == sign &&
((byte & SIGN_BIT) == (sign & SIGN_BIT))) {
more = 0;
} else {
byte |= MORE_BYTES;
}
*str = byte;
str++;
} while (more);
*nbytes = (int)(str - space);
return DW_DLV_OK;
}