https://sourceware.org/bugzilla/show_bug.cgi?id=33637
--- Comment #2 from Sourceware Commits <cvs-commit at gcc dot gnu.org> ---

The master branch has been updated by Alan Modra <[email protected]>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677

commit cdb728d4da6184631989b192f1022c219dea7677
Author: Alan Modra <[email protected]>
Date:   Sun Nov 30 12:51:54 2025 +1030

    PR 33637, abort in byte_get

    When DWARF5 support was added to binutils in commit 77145576fadc, the
    loop over CUs in process_debug_info set do_types when finding a
    DW_UT_type unit, in order to process the signature and type offset
    entries. Unfortunately that broke debug_information/debug_info_p
    handling, which previously was allocated and initialised for each unit
    in .debug_info. debug_info_p was NULL when processing a DWARF4
    .debug_types section. After the 77145576fadc change it was possible
    for debug_info_p to be non-NULL but point to zeroed data, in
    particular a zeroed offset_size. A zero for offset_size led to the
    byte_get_little_endian abort triggered by the fuzzer testcase.

    I haven't investigated whether there is any need for a valid
    offset_size when processing a non-fuzzed DWARF4 .debug_types section.
    Presumably we'd have found that out in the last 6 years if that was
    the case. We don't want to change debug_information[] for
    .debug_types!

            PR 33637
            * dwarf.c (process_debug_info): Don't change DO_TYPES flag bit
            depending on cu_unit_type. Instead test cu_unit_type along with
            DO_TYPES to handle signature and type_offset for a type unit.
            Move find_cu_tu_set_v2 call a little later.
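The commit above describes a parser that reached byte_get with a zeroed offset_size and hit an abort() on fuzzer input. As an added illustration (this is not binutils code and does not reproduce its byte_get or process_debug_info), the reader below shows the shape of a defensive fixed-width little-endian read: an unsupported width (0 included) or an out-of-bounds read is reported to the caller as a parse failure rather than terminating the process. The sample bytes, the function names read_le_uint and read_offset, and the -1 failure convention are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical reader, not binutils' byte_get: returns false instead of
   aborting when the requested width is unsupported or would overrun the
   buffer.  A DWARF 32-bit unit uses 4-byte offsets, a 64-bit unit 8-byte
   offsets; 1 and 2 are accepted for other fixed-width fields.  A width of
   0 is exactly the corrupt/zeroed offset_size case from the bug report. */
static bool read_le_uint(const unsigned char *buf, size_t buf_len,
                         size_t pos, unsigned int width, uint64_t *out)
{
    if (width != 1 && width != 2 && width != 4 && width != 8)
        return false;                 /* zero or unsupported width: corrupt input */
    if (pos > buf_len || width > buf_len - pos)
        return false;                 /* would read past the end of the section */

    uint64_t v = 0;
    for (unsigned int i = 0; i < width; i++)
        v |= (uint64_t) buf[pos + i] << (8 * i);
    *out = v;
    return true;
}

/* Constructed sample bytes standing in for a slice of a debug section:
   a 4-byte little-endian 0x1234 followed by an 8-byte 0xdeadbeef. */
static const unsigned char sample_section[] = {
    0x34, 0x12, 0x00, 0x00,
    0xef, 0xbe, 0xad, 0xde, 0x00, 0x00, 0x00, 0x00
};

/* Reads an offset of the given offset_size at pos from the sample.
   Returns the value, or -1 if the read was rejected. */
int64_t read_offset(unsigned int offset_size, size_t pos)
{
    uint64_t v = 0;
    if (!read_le_uint(sample_section, sizeof sample_section, pos,
                      offset_size, &v))
        return -1;
    return (int64_t) v;
}

int main(void)
{
    printf("offset_size 4 at 0: %lld\n", (long long) read_offset(4, 0));
    printf("offset_size 8 at 4: %llx\n", (long long) read_offset(8, 4));
    printf("offset_size 0 at 0: %lld (rejected)\n", (long long) read_offset(0, 0));
    printf("offset_size 8 at 8: %lld (rejected, overrun)\n", (long long) read_offset(8, 8));
    return 0;
}
```

The point of the example is the caller-visible failure path: when a header field that selects a read width can be zeroed by a broken or hostile file, the reader validates the width and the bounds before dereferencing, and the unit is skipped or reported rather than the whole tool aborting.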
