crash on invalid dwarf info

Jan Kratochvil jan.kratochvil@redhat.com
Wed Mar 2 07:39:00 GMT 2011


Hi Nick,

On Wed, 02 Mar 2011 00:42:25 +0100, Nick Lewycky wrote:
> I thought, before I spend time reducing a testcase, that I should
> check whether there's any interest in fixing crash on invalid bugs. I
> realize that it gets cumbersome to sanity check every little thing in
> elf and dwarf, so it may not be worth filing a bug for it. Thoughts?
> 
> Here's the stack trace:
> 
> Program received signal SIGSEGV, Segmentation fault.
> peek_die_abbrev (info_ptr=0x800057e68bb2 <Address 0x800057e68bb2 out of bounds>, bytes_read=0x7fffffffca6c, cu=0x7fffffffcae0) at ../../src/gdb/dwarf2read.c:4120
> 4120  abbrev_number = read_unsigned_leb128 (abfd, info_ptr, bytes_read);

GDB should not crash on any invalid external data; GDB should be fixed.

Still, in this case, when you check the code it does not even try to validate
the input; it does not check the buffer end boundary.  So the bug does not
need much of a reproducer; one could figure one out.

Rather, a patch fixing these overruns is welcome.


Thanks,
Jan
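The point in the reply above is that a ULEB128 reader which takes only a start pointer has no way to stop at the end of the section, so a truncated or malformed `.debug_info` walks it off the buffer (the `info_ptr` "out of bounds" in the quoted trace). The following is an added example, not gdb's code and not the `read_unsigned_leb128`/`peek_die_abbrev` from `dwarf2read.c`: a bounded decoder with a hypothetical API (`read_uleb128_bounded`, `peek_die_abbrev_checked`, the `LEB_*` status codes) that is handed the end of the compilation unit as well as the current pointer, refuses to touch any byte at or past that end, and rejects encodings longer than the ten bytes a 64-bit value can need. The sample DIE bytes are constructed for the demonstration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for the bounded decoder (hypothetical API, not gdb's). */
enum leb_status { LEB_OK = 0, LEB_TRUNCATED = 1, LEB_TOO_LONG = 2 };

/* Decode an unsigned LEB128 value from the half-open range [p, end).
   Every byte is checked against `end` before it is read, so malformed
   input can only produce an error, never an out-of-bounds access.  An
   encoding longer than 10 bytes cannot fit a uint64_t and is rejected
   too, which also stops a long run of continuation bytes (0x80) from
   driving the loop across the section. */
static enum leb_status
read_uleb128_bounded(const uint8_t *p, const uint8_t *end,
                     uint64_t *value, size_t *bytes_read)
{
    size_t avail = (size_t)(end - p);   /* caller guarantees p <= end */
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;

    for (;;) {
        if (n >= avail)                 /* would read past the buffer */
            return LEB_TRUNCATED;
        if (n >= 10)                    /* overlong for a 64-bit value */
            return LEB_TOO_LONG;
        uint8_t byte = p[n++];
        result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
        if ((byte & 0x80) == 0)
            break;
    }
    *value = result;
    *bytes_read = n;
    return LEB_OK;
}

/* Read the abbreviation code of the DIE at info_ptr without advancing,
   stopping at cu_end.  Mirrors the shape of the call in the trace above
   but with the boundary passed in (hypothetical, not gdb's function). */
static enum leb_status
peek_die_abbrev_checked(const uint8_t *info_ptr, const uint8_t *cu_end,
                        uint64_t *abbrev_number, size_t *bytes_read)
{
    return read_uleb128_bounded(info_ptr, cu_end, abbrev_number, bytes_read);
}

/* Constructed sample: start of a DIE whose abbreviation code is the
   ULEB128 624485 (0xE5 0x8E 0x26), followed by one more byte of DIE. */
static const uint8_t sample_die[] = { 0xE5, 0x8E, 0x26, 0x00 };

/* Constructed sample: ten continuation bytes and a terminator, which is
   an 11-byte encoding and therefore overlong for a 64-bit value. */
static const uint8_t overlong_die[] = { 0x80, 0x80, 0x80, 0x80, 0x80,
                                        0x80, 0x80, 0x80, 0x80, 0x80, 0x00 };

/* Well-formed input: the full CU is available.  Returns the abbrev code. */
uint64_t demo_valid_abbrev(void)
{
    uint64_t v = 0; size_t n = 0;
    if (peek_die_abbrev_checked(sample_die, sample_die + sizeof sample_die,
                                &v, &n) != LEB_OK)
        return 0;
    return v;                           /* 624485, consuming 3 bytes */
}

/* Number of bytes the well-formed decode consumed. */
size_t demo_valid_len(void)
{
    uint64_t v = 0; size_t n = 0;
    peek_die_abbrev_checked(sample_die, sample_die + sizeof sample_die, &v, &n);
    return n;
}

/* Truncated input: the CU ends in the middle of the ULEB128 (only two
   of its three bytes are inside the section). */
int demo_truncated_status(void)
{
    uint64_t v = 0; size_t n = 0;
    return peek_die_abbrev_checked(sample_die, sample_die + 2, &v, &n);
}

/* Overlong input: the encoding itself is bounded but cannot be a value. */
int demo_overlong_status(void)
{
    uint64_t v = 0; size_t n = 0;
    return peek_die_abbrev_checked(overlong_die,
                                   overlong_die + sizeof overlong_die, &v, &n);
}

int main(void)
{
    printf("valid:     abbrev=%" PRIu64 " bytes=%zu\n",
           demo_valid_abbrev(), demo_valid_len());
    printf("truncated: status=%d\n", demo_truncated_status());
    printf("overlong:  status=%d\n", demo_overlong_status());
    return 0;
}
```

The design choice is that the reader takes the boundary as a parameter rather than trusting the caller to have pre-validated the section: the check then happens at the one place where the byte is actually fetched, so every DIE and attribute walk built on top of it inherits the guarantee, and a corrupted size field in the CU header yields an error instead of a SIGSEGV.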


