From patchwork Fri Mar 24 04:09:22 2017
X-Patchwork-Submitter: Padraig Brady
X-Patchwork-Id: 19719
Delivered-To: mailing list gdb-patches@sourceware.org
From: Padraig Brady
Subject: [PATCH] Avoid segfault on invalid directory table
Message-ID: <6c10a81a-b9fe-cd6b-0adc-85fc7b596c1d@fb.com>
Date: Thu, 23 Mar 2017 21:09:22 -0700

gdb was segfaulting during backtrace on a binary here, where fe->dir_index parsed from the dwarf info was seen to access beyond the provided include_dirs array.
The attached bounds the access to entries actually written to the array, and was verified to output the backtrace correctly. cheers, Pádraig From bc176bf7052db2242b2fb6f10dcbfe15c5a3e7e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Thu, 23 Mar 2017 20:33:47 -0700 Subject: [PATCH] avoid segfault on invalid directory table This was seen to avoid a segfault when doing a backtrace in certain binaries. gdb/ * dwarf2read.c (setup_type_unit_groups): Ensure dir_index doesn't reference beyond the provided include_dirs. to 'lh->include_dirs' before accessing to it. (psymtab_include_file_name): Likewise. (dwarf_decode_lines_1): Likewise. (dwarf_decode_lines): Likewise. (file_file_name): Likewise. --- gdb/dwarf2read.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c index b3ea52b..519550b 100644 --- a/gdb/dwarf2read.c +++ b/gdb/dwarf2read.c @@ -9416,7 +9416,8 @@ setup_type_unit_groups (struct die_info *die, struct dwarf2_cu *cu) const char *dir = NULL; struct file_entry *fe = &lh->file_names[i]; - if (fe->dir_index && lh->include_dirs != NULL) + if (fe->dir_index && lh->include_dirs != NULL + && (fe->dir_index - 1) < lh->num_include_dirs) dir = lh->include_dirs[fe->dir_index - 1]; dwarf2_start_subfile (fe->name, dir); @@ -17985,7 +17986,8 @@ psymtab_include_file_name (const struct line_header *lh, int file_index, char *copied_name = NULL; int file_is_pst; - if (fe.dir_index && lh->include_dirs != NULL) + if (fe.dir_index && lh->include_dirs != NULL + && (fe.dir_index - 1) < lh->num_include_dirs) dir_name = lh->include_dirs[fe.dir_index - 1]; if (!IS_ABSOLUTE_PATH (include_name) 
@@ -18366,7 +18368,8 @@ dwarf_decode_lines_1 (struct line_header *lh, struct dwarf2_cu *cu, struct file_entry *fe = &lh->file_names[state_machine.file - 1]; const char *dir = NULL; - if (fe->dir_index && lh->include_dirs != NULL) + if (fe->dir_index && lh->include_dirs != NULL + && (fe->dir_index - 1) < lh->num_include_dirs) dir = lh->include_dirs[fe->dir_index - 1]; dwarf2_start_subfile (fe->name, dir); @@ -18529,7 +18532,8 @@ dwarf_decode_lines_1 (struct line_header *lh, struct dwarf2_cu *cu, else { fe = &lh->file_names[state_machine.file - 1]; - if (fe->dir_index && lh->include_dirs != NULL) + if (fe->dir_index && lh->include_dirs != NULL + && (fe->dir_index - 1) < lh->num_include_dirs) dir = lh->include_dirs[fe->dir_index - 1]; if (record_lines_p) { @@ -18671,7 +18675,8 @@ dwarf_decode_lines (struct line_header *lh, const char *comp_dir, struct file_entry *fe; fe = &lh->file_names[i]; - if (fe->dir_index && lh->include_dirs != NULL) + if (fe->dir_index && lh->include_dirs != NULL + && (fe->dir_index - 1) < lh->num_include_dirs) dir = lh->include_dirs[fe->dir_index - 1]; dwarf2_start_subfile (fe->name, dir); @@ -21380,7 +21385,8 @@ file_file_name (int file, struct line_header *lh) struct file_entry *fe = &lh->file_names[file - 1]; if (IS_ABSOLUTE_PATH (fe->name) || fe->dir_index == 0 - || lh->include_dirs == NULL) + || lh->include_dirs == NULL + || (fe->dir_index - 1) >= lh->num_include_dirs) return xstrdup (fe->name); return concat (lh->include_dirs[fe->dir_index - 1], SLASH_STRING, fe->name, (char *) NULL); -- 2.5.5
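Review bot: the bound added in setup_type_unit_groups, `(fe->dir_index - 1) < lh->num_include_dirs`, is a complete check only if dir_index can never be negative, and the declarations of dir_index and num_include_dirs are not visible in the hunk. If both turn out to be signed, a negative index read from the file passes the `fe->dir_index` truth test and the new comparison and then indexes before the start of include_dirs. Please confirm both fields are unsigned; writing the test as `fe->dir_index <= lh->num_include_dirs` on unsigned values would also remove the subtraction from the condition.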
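Review bot: in the first dwarf_decode_lines_1 hunk (@@ -18366) an out-of-range dir_index now silently leaves `dir` as NULL, so a malformed line table yields a subfile with no directory and nothing tells the user why. Since a nonzero index that is not below num_include_dirs means the DWARF is corrupt, consider reporting it through a complaint on that path rather than only skipping the lookup.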
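Review bot: the context line `fe = &lh->file_names[state_machine.file - 1];` in the second dwarf_decode_lines_1 hunk (@@ -18529) indexes file_names with a value taken from the line program in the same way dir_index was used, and nothing in the visible lines bounds it against the number of file entries. If that check is not just above the context shown, this lookup can read past file_names before the new include_dirs test is ever reached, and it should be bounded in the same patch.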
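Review bot: file_file_name holds the sixth open-coded copy of this test, and here it is the negated form (`>=` joined with `||`), which is the copy most likely to drift from the other five when the condition is next changed. A small helper that takes the line_header and a dir_index and returns the directory string or NULL would keep the bound in one place and let each of the six call sites drop its own condition.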
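Review bot: the diffstat lists only gdb/dwarf2read.c, so the fix arrives without a regression test. A small test with a line table whose file entry names a directory index past the end of the include directory table would keep these six checks from being lost in later refactoring.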