From patchwork Thu Nov 16 21:29:22 2023
X-Patchwork-Submitter: Aleksei Vetrov
X-Patchwork-Id: 80072
Date: Thu, 16 Nov 2023 21:29:22 +0000
Message-ID: <20231116212922.4148717-1-vvvvvv@google.com>
Subject: [PATCH] libdw: check offset dwarf_formstring in all cases
From: vvvvvv@google.com
To: elfutils-devel@sourceware.org
Cc: kernel-team@android.com, maennich@google.com, vvvvvv@google.com
List-Id: Elfutils-devel mailing list

From: Aleksei Vetrov

This check was initially added to test if the offset overflows the safe prefix where any string will be null-terminated. However, the check was placed in the wrong place and didn't cover all `attrp->form` cases.

* libdw/dwarf_formstring.c (dwarf_formstring): Move offset check right before returning the result.

Signed-off-by: Aleksei Vetrov
---
 libdw/dwarf_formstring.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libdw/dwarf_formstring.c b/libdw/dwarf_formstring.c
index 0ee42411..65f03a5e 100644
--- a/libdw/dwarf_formstring.c
+++ b/libdw/dwarf_formstring.c
@@ -173,11 +173,11 @@ dwarf_formstring (Dwarf_Attribute *attrp) off = read_4ubyte_unaligned (dbg, datap); else off = read_8ubyte_unaligned (dbg, datap); - - if (off >= data_size) - goto invalid_offset; } + if (off >= data_size) + goto invalid_offset; + return (const char *) data->d_buf + off; } INTDEF(dwarf_formstring)
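Review bot: the `if (off >= data_size) goto invalid_offset;` placed just before the `return` relies on an invariant the hunk never states: per the commit message, `data_size` must bound a prefix in which every string is NUL-terminated, otherwise `data->d_buf + off` can still point at an unterminated tail of the section. A one-line comment above the check saying what `data_size` denotes would keep that guarantee from being silently broken if how it is computed changes later. The commit message should also name the `attrp->form` cases that previously reached the `return` without passing through the block the check was removed from, since "didn't cover all `attrp->form` cases" leaves the scope of the fix implicit.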
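As an added example of the pattern the patch fixes (constructed here, not elfutils code): a string-offset resolver with two forms, one taking a direct section offset and one going through an offsets table, shown once with the bounds check inside only the indexed branch and once with the check moved in front of the return so it covers every path. The section bytes, the offsets table, the form names and the helper `safe_prefix_size` are all assumptions; reading the commit message's "safe prefix" as "one past the last NUL byte, so any accepted offset lands on a terminated string" is my interpretation, not something the patch states.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a .debug_str section (example data, not elfutils').
   Three terminated strings followed by a tail with no NUL, as a truncated or
   malformed section might have.  The literal's implicit trailing NUL is
   deliberately excluded from the section size. */
static const unsigned char DEBUG_STR[] = "main\0" "argv\0" "libdw\0" "trunc";
#define DEBUG_STR_SIZE (sizeof (DEBUG_STR) - 1)   /* 21 bytes, last byte is 'c' */

/* Constructed stand-in for a .debug_str_offsets table; the last entry is bogus. */
static const uint64_t STR_OFFSETS[] = { 0, 5, 10, 16, 4000 };
#define STR_OFFSETS_COUNT (sizeof (STR_OFFSETS) / sizeof (STR_OFFSETS[0]))

enum form { FORM_STRP, FORM_STRX };   /* direct section offset vs. table index */

/* Size of the section prefix inside which every offset lands on a
   NUL-terminated string: one past the last NUL byte.  Any offset at or beyond
   this value could make a string reader run off the end of the section.
   (Assumption: this models the commit message's "safe prefix".) */
size_t safe_prefix_size (const unsigned char *buf, size_t size)
{
  for (size_t i = size; i > 0; i--)
    if (buf[i - 1] == '\0')
      return i;
  return 0;
}

/* Pre-fix shape: the bounds check lives inside the indexed branch only, so a
   direct FORM_STRP offset is never validated before the pointer is formed. */
const char *formstring_before (enum form f, uint64_t val)
{
  size_t data_size = safe_prefix_size (DEBUG_STR, DEBUG_STR_SIZE);
  uint64_t off;

  if (f == FORM_STRP)
    off = val;                                /* unchecked on this path */
  else
    {
      if (val >= STR_OFFSETS_COUNT)
        return NULL;
      off = STR_OFFSETS[val];
      if (off >= data_size)                   /* only this path is checked */
        return NULL;
    }
  return (const char *) DEBUG_STR + off;      /* may point past the safe prefix */
}

/* Post-fix shape: a single check right before the return covers every form. */
const char *formstring_after (enum form f, uint64_t val)
{
  size_t data_size = safe_prefix_size (DEBUG_STR, DEBUG_STR_SIZE);
  uint64_t off;

  if (f == FORM_STRP)
    off = val;
  else
    {
      if (val >= STR_OFFSETS_COUNT)
        return NULL;
      off = STR_OFFSETS[val];
    }

  if (off >= data_size)
    return NULL;
  return (const char *) DEBUG_STR + off;
}

int main (void)
{
  printf ("safe prefix: %zu of %zu section bytes\n",
          safe_prefix_size (DEBUG_STR, DEBUG_STR_SIZE), (size_t) DEBUG_STR_SIZE);
  printf ("strp 10 -> %s\n", formstring_after (FORM_STRP, 10));
  printf ("strp 16 before fix: %s\n",
          formstring_before (FORM_STRP, 16) ? "accepted" : "rejected");
  printf ("strp 16 after fix:  %s\n",
          formstring_after (FORM_STRP, 16) ? "accepted" : "rejected");
  return 0;
}
```

Offset 16 is inside the section (21 bytes) but outside the safe prefix (16 bytes), so the pre-fix resolver hands back a pointer to the unterminated "trunc" tail on the direct-offset path while rejecting the very same offset when it arrives through the table; the post-fix resolver rejects it on both paths.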