This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 11 Nov 2014 14:15:31 +0100
- Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
On Tue, 2014-11-11 at 11:31 +0100, Hanno Böck wrote:
> I can't build elfutils git head with -m32 right now at all (likely
> another bug? was possible a few days ago)

Replicated on Fedora 21 Beta i686. Fix pushed as attached.
You might need the recently posted "libdwfl: find_dynsym don't assume
dynamic linker has adjusted DYNAMIC entries." patch to get zero FAIL on
make check.

Thanks,
Mark
From 09086238f39daab4060d0e5f39f89820a0771d8c Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Tue, 11 Nov 2014 14:10:04 +0100
Subject: [PATCH] libdw: Fix dwarf_getsrclines.c 32bit compile error.
__libdw_getsrclines should have been marked as internal_function in
both libdwP.h and dwarf_getsrclines.c. Do address_size comparison as
uint8_t to avoid signedness warning.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libdw/ChangeLog | 6 ++++++
libdw/dwarf_getsrclines.c | 3 ++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index d5796e8..58736a6 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-11 Mark Wielaard <mjw@redhat.com>
+
+ * dwarf_getsrclines.c (read_srclines): Do address_size comparison
+ explicitly as uint8_t.
+ (__libdw_getsrclines): Add internal_function to declaration.
+
2014-09-10 Petr Machata <pmachata@redhat.com>
* dwarf_macro_getparamcnt.c: New file.
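Review bot: the new entry "(__libdw_getsrclines): Add internal_function to declaration." does not match the change it records. The only source file this patch touches is dwarf_getsrclines.c, where the marker goes on the function in the .c file, not on a prototype. Suggest "Add internal_function to definition" so the ChangeLog keeps the same libdwP.h versus dwarf_getsrclines.c distinction the commit message draws.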
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 4bb19c2..15881e8 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -428,7 +428,7 @@ read_srclines (Dwarf *dbg,
apporiate for the target machine. We use the
address size field from the CU header. */
op_index = 0;
- if (unlikely (lineendp - linep < address_size))
+ if (unlikely (lineendp - linep < (uint8_t) address_size))
goto invalid_data;
if (__libdw_read_address_inc (dbg, IDX_debug_line, &linep,
address_size, &addr))
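Review bot: in read_srclines the length check now compares against "(uint8_t) address_size", while the __libdw_read_address_inc call right after it still receives the uncast address_size, so the guard and the read it protects no longer use the same number. The commit message says the cast is there to silence a signedness warning, which means address_size is an unsigned type wider than 8 bits; any value above 255 would be truncated in the check only, and the check could pass with fewer bytes left than the read is asked for. If the CU header parsing already limits address_size to the valid sizes, a short comment saying so would make the cast obviously safe. Otherwise, converting the other side keeps both uses identical, for example "(size_t) (lineendp - linep) < address_size", provided lineendp >= linep holds at this point.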
@@ -730,6 +730,7 @@ files_lines_compare (const void *p1, const void *p2)
}
int
+internal_function
__libdw_getsrclines (Dwarf *dbg, Dwarf_Off debug_line_offset,
const char *comp_dir, unsigned address_size,
Dwarf_Lines **linesp, Dwarf_Files **filesp)
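Review bot: the internal_function added above __libdw_getsrclines only fixes the build if the prototype in libdwP.h carries the same marker, and this patch does not touch libdwP.h, so that half of the commit message cannot be confirmed from the diff. Worth double-checking the header before this goes in. Since the mismatch surfaced only as a 32bit compile error, an -m32 build in the routine checks would catch the next definition/prototype mismatch earlier.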
--
1.8.3.1