This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.



Re: crash on invalid dwarf info


Hi Nick,

On Wed, 02 Mar 2011 00:42:25 +0100, Nick Lewycky wrote:
> I thought, before I spend time reducing a testcase, that I should
> check whether there's any interest in fixing crash on invalid bugs. I
> realize that it gets cumbersome to sanity check every little thing in
> elf and dwarf, so it may not be worth filing a bug for it. Thoughts?
> 
> Here's the stack trace:
> 
> Program received signal SIGSEGV, Segmentation fault.
> peek_die_abbrev (info_ptr=0x800057e68bb2 <Address 0x800057e68bb2 out of bounds>, bytes_read=0x7fffffffca6c, cu=0x7fffffffcae0) at ../../src/gdb/dwarf2read.c:4120
> 4120 abbrev_number = read_unsigned_leb128 (abfd, info_ptr, bytes_read);

GDB should not crash for any invalid external data; GDB should be fixed.

Still, in this case when you check the code it does not even try to validate
the input; it does not check the buffer end boundary.  So the bug does not
need much of a reproducer; one could figure one out.

Rather, a patch fixing these overruns is welcome.


Thanks,
Jan
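The missing boundary check Jan describes, as an added example that is not GDB's code: a bounds-checked unsigned LEB128 reader that is handed the end of the section buffer and returns an error instead of reading past it when the encoded value is cut off. Function and status names, and the sample byte strings, are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for the checked decoder. */
enum leb128_status { LEB128_OK = 0, LEB128_TRUNCATED = -1, LEB128_OVERFLOW = -2 };

/* Decode an unsigned LEB128 value from [p, end).  Every byte access is
 * preceded by a check against `end`, so a .debug_info buffer that ends in
 * the middle of an abbreviation number yields LEB128_TRUNCATED rather than
 * an out-of-bounds read.  Values that do not fit in 64 bits are rejected. */
int read_unsigned_leb128_checked(const uint8_t *p, const uint8_t *end,
                                 uint64_t *value, unsigned *bytes_read)
{
  size_t avail = (size_t)(end - p);   /* caller guarantees p <= end */
  uint64_t result = 0;
  unsigned shift = 0, n = 0;

  for (;;) {
    if (n >= avail)                       /* would read at or past end */
      return LEB128_TRUNCATED;
    uint8_t byte = p[n++];
    /* At shift 63 only the lowest payload bit still fits in 64 bits. */
    if (shift >= 64 || (shift == 63 && (byte & 0x7e) != 0))
      return LEB128_OVERFLOW;
    result |= (uint64_t)(byte & 0x7f) << shift;
    shift += 7;
    if ((byte & 0x80) == 0)               /* clear high bit: last byte */
      break;
  }
  *value = result;
  *bytes_read = n;
  return LEB128_OK;
}

/* Constructed inputs: 0xE5 0x8E 0x26 encodes 624485; the second buffer is
 * the same value with its final byte missing, as if the section ended there. */
static const uint8_t sample_ok[]  = { 0xE5, 0x8E, 0x26 };
static const uint8_t sample_cut[] = { 0xE5, 0x8E };

int main(void)
{
  uint64_t v = 0; unsigned n = 0;
  int rc = read_unsigned_leb128_checked(sample_ok, sample_ok + sizeof sample_ok, &v, &n);
  printf("complete:  rc=%d value=%llu bytes=%u\n", rc, (unsigned long long)v, n);
  rc = read_unsigned_leb128_checked(sample_cut, sample_cut + sizeof sample_cut, &v, &n);
  printf("truncated: rc=%d (no byte read past end)\n", rc);
  return 0;
}
```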

