dwarf_next_cfi returns -1
Wed Jun 27 23:42:00 GMT 2018
On Wed, Jun 27, 2018 at 11:01:25PM +0000, Sasha Da Rocha Pinheiro wrote:
> This is a binary that infinite loops with dwarf_next_cfi -1 because the offset is not updated.
> A fix was done by saving the previous *next_off and comparing with the current, after getting -1 in the return value.
That is probably the best way to handle that.
Looking at the file I see it has (multiple) zero terminators, that
dwarf_next_cfi seems to not handle. Strangely these aren't described
in the Dwarf spec, but they are mentioned in the LSB exception frames
Totally untested patch attached. If you could test it that would be
wonderful. I'll write a proper testcase tomorrow.
-------------- next part --------------
diff --git a/libdw/dwarf_next_cfi.c b/libdw/dwarf_next_cfi.c
index 53fc3697..fa28d99b 100644
@@ -54,6 +54,7 @@ dwarf_next_cfi (const unsigned char e_ident,
we don't know yet whether this is a 64-bit object or not. */
|| unlikely (off + 4 >= data->d_size))
*next_off = (Dwarf_Off) -1l;
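Review bot: the header `@@ -54,6 +54,7 @@` announces one added line, but no `+` line appears in this hunk as reproduced here, so the change to the `off + 4 >= data->d_size` bounds check cannot be reviewed from what is shown; please include the complete hunk. Note also that this check already treats a zero terminator occupying the last four bytes of the section as the end of the data (`off + 4 == d_size` falls into the branch that sets `*next_off = (Dwarf_Off) -1l`), so any new zero-length handling further down is only reached for a terminator that is followed by more data.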
@@ -79,6 +80,13 @@ dwarf_next_cfi (const unsigned char e_ident,
length = read_8ubyte_unaligned_inc (&dw, bytes);
+ /* Not explicitly in the DWARF spec, but mentioned in the LSB exception
+ frames (.eh_frame) spec. If Length contains the value 0, then this
+ CIE shall be considered a terminator and processing shall end. */
+ if (length == 0)
+ goto done;
if (unlikely ((uint64_t) (limit - bytes) < length)
|| unlikely (length < offset_size + 1))
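Review bot: the `done` label that the new `if (length == 0) goto done;` jumps to is outside this hunk, so please confirm that path assigns `*next_off` before returning; the reported infinite loop comes from returning -1 without advancing `*next_off`, and a `done` path that leaves it untouched would reproduce the same hang on a terminator. The placement is otherwise right: the existing `length < offset_size + 1` check below would reject a zero length as invalid, which is the -1 return the caller was looping on, so the terminator test has to come before it.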