This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
- From: Petr Machata <pmachata at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 11 Nov 2014 14:30:32 +0100
- Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Hanno Böck <hanno@hboeck.de> writes:
> I can't build elfutils git head with -m32 right now at all (likely
> another bug? was possible a few days ago), so I can't test, but we can
> probably assume that it was due to the systemwide libs it used.
That would be my fault. Is the following fix acceptable?
Subject: [PATCH] Fix compilation on x86
GCC finds two problems when compiling in 32-bit mode.
- First, the function __libdw_getsrclines is marked as internal only
in the header, not in the C file, and in 32-bit mode, this is
actually reported as a change in prototype.
- Second, address size is passed as a four-byte unsigned quantity, and
GCC can't prove that it's safe to compare it with a four-byte signed
quantity that is the result of pointer subtraction. This is not a
problem in 64-bit mode, where the 4-byte unsigned quantity can be
losslessly converted to an 8-byte signed pointer difference. But
passing address size in a 4-byte type is overly generous, so revert
back to uint8_t, like what CUs actually store.
Signed-off-by: Petr Machata <pmachata@redhat.com>
---
libdw/ChangeLog | 7 +++++++
libdw/dwarf_getsrclines.c | 6 +++---
libdw/libdwP.h | 2 +-
3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index d5796e8..0752566 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,10 @@
+2014-11-11 Petr Machata <pmachata@redhat.com>
+
+ * libdwP.h (__libdw_getsrclines): Pass address_size as uint8_t.
+ * dwarf_getsrclines.c (read_srclines): Likewise.
+ (__libdw_getsrclines): Likewise. Also mark function as internal
+ here as well.
+
2014-09-10 Petr Machata <pmachata@redhat.com>
* dwarf_macro_getparamcnt.c: New file.
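Review bot: the wording of the last ChangeLog item is redundant ("Also mark function as internal here as well"); consider "Also mark as internal_function." so the entry names the actual attribute macro that the dwarf_getsrclines.c hunk adds, which is what a reader grepping the ChangeLog will look for.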
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 4bb19c2..959c460 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -70,7 +70,7 @@ compare_lines (const void *a, const void *b)
static int
read_srclines (Dwarf *dbg,
const unsigned char *linep, const unsigned char *lineendp,
- const char *comp_dir, unsigned address_size,
+ const char *comp_dir, uint8_t address_size,
Dwarf_Lines **linesp, Dwarf_Files **filesp)
{
int res = -1;
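Review bot: narrowing the address_size parameter of read_srclines from unsigned to uint8_t means any caller that still passes a wider computed value is silently truncated at the call; the hunk does not show the callers, so please confirm they all forward the CU's own uint8_t address size (which the commit message says is how CUs store it) rather than an int derived elsewhere, or add a check in the caller before the call.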
@@ -729,9 +729,9 @@ files_lines_compare (const void *p1, const void *p2)
return 0;
}
-int
+internal_function int
__libdw_getsrclines (Dwarf *dbg, Dwarf_Off debug_line_offset,
- const char *comp_dir, unsigned address_size,
+ const char *comp_dir, uint8_t address_size,
Dwarf_Lines **linesp, Dwarf_Files **filesp)
{
struct files_lines_s fake = { .debug_line_offset = debug_line_offset };
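Review bot: the definition of __libdw_getsrclines now carries internal_function to match the declaration in libdwP.h, which is the right fix, but the commit message only says the mismatch "is actually reported as a change in prototype" in 32-bit mode without saying why; one sentence explaining why the missing attribute makes the definition a genuinely different prototype on that target (rather than a spurious warning) would help whoever next hits the same build break.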
diff --git a/libdw/libdwP.h b/libdw/libdwP.h
index 5ccb13c..d798737 100644
--- a/libdw/libdwP.h
+++ b/libdw/libdwP.h
@@ -716,7 +716,7 @@ void __libdw_empty_loc_attr (Dwarf_Attribute *attr, struct Dwarf_CU *cu)
NULL) with loaded information. Returns 0 for success or a negative
value for failure. */
int __libdw_getsrclines (Dwarf *dbg, Dwarf_Off debug_line_offset,
- const char *comp_dir, unsigned address_size,
+ const char *comp_dir, uint8_t address_size,
Dwarf_Lines **linesp, Dwarf_Files **filesp)
internal_function
__nonnull_attribute__ (1);
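Review bot: the doc comment above this declaration ("... Returns 0 for success or a negative value for failure.") documents the return value but not the parameters, and the type change makes address_size's meaning worth stating; suggest extending the comment with something like "ADDRESS_SIZE is the CU's address size in bytes." so that the uint8_t type reads as intentional rather than incidental.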
--
2.1.0