From: Nick Alcock
To: binutils@sourceware.org
Subject: [PATCH v2 3/3] libctf: ctf-link outdated input check faulty
Date: Tue, 10 Jan 2023 13:00:50 +0000
Message-Id: <20230110130050.366404-4-nick.alcock@oracle.com>
In-Reply-To: <20230110130050.366404-1-nick.alcock@oracle.com>
References: <20230110130050.366404-1-nick.alcock@oracle.com>
This check has a pair of faults which, combined, can lead to memory corruption.

Firstly, it assumes that the values of the ctf_link_inputs hash are ctf_dict_t's: they are not, they are ctf_link_input_t's, a much shorter structure. So the flags check which is the core of this is faulty (but happens, by chance, to give the right output on most architectures, since usually we happen to get a 0 here, so the test that checks this usually passes).

Worse, the warning that is emitted when the test fails is added to the wrong dict -- it's added to the input dict, whose warning list is never consumed, rendering the whole check useless. But the dict it adds to is still the wrong type, so we end up overwriting something deep in memory (or, much more likely, dereferencing a garbage pointer and crashing).

Fixing both reveals another problem: the link input is an *archive* consisting of multiple members, so we have to consider whether to check all of them for the outdated-func-info thing we are checking here. However, no compiler exists that emits a mixture of members with this flag on and members with it off, and the linker always reserializes (and upgrades) such things when it sees them: so all members in a given archive must have the same value of the flag, so we only need to check one member per input archive.

libctf/
	PR libctf/29983
	* ctf-link.c (ctf_link_warn_outdated_inputs): Get the types of
	members of ctf_link_inputs right, fixing a possible spurious test
	failure / wild pointer deref / overwrite.  Emit the warning message
	into the right dict.
---
 libctf/ctf-link.c | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/libctf/ctf-link.c b/libctf/ctf-link.c index 2837168b2a6..df8fa3b9d9b 100644 --- a/libctf/ctf-link.c +++ b/libctf/ctf-link.c @@ -1848,19 +1848,42 @@ ctf_link_warn_outdated_inputs (ctf_dict_t *fp) { ctf_next_t *i = NULL; void *name_; - void *ifp_; + void *input_; int err; - while ((err = ctf_dynhash_next (fp->ctf_link_inputs, &i, &name_, &ifp_)) == 0) + while ((err = ctf_dynhash_next (fp->ctf_link_inputs, &i, &name_, &input_)) == 0) { const char *name = (const char *) name_; - ctf_dict_t *ifp = (ctf_dict_t *) ifp_; + ctf_link_input_t *input = (ctf_link_input_t *) input_; + ctf_next_t *j = NULL; + ctf_dict_t *ifp; + int err; + + /* We only care about CTF archives by this point: lazy-opened archives + have always been opened by this point, and short-circuited entries have + a matching corresponding archive member. Entries with NULL clin_arc can + exist, and constitute old entries renamed via a name changer: the + renamed entries exist elsewhere in the list, so we can just skip + those. */ + + if (!input->clin_arc) + continue; + + /* All entries in the archive will necessarily contain the same + CTF_F_NEWFUNCINFO flag, so we only need to check the first. We don't + even need to do that if we can't open it for any reason at all: the + link will fail later on regardless, since an input can't be opened. */ + + ifp = ctf_archive_next (input->clin_arc, &j, NULL, 0, &err); + if (!ifp) + continue; + ctf_next_destroy (j); if (!(ifp->ctf_header->cth_flags & CTF_F_NEWFUNCINFO) && (ifp->ctf_header->cth_varoff - ifp->ctf_header->cth_funcoff) > 0) - ctf_err_warn (ifp, 1, 0, _("linker input %s has CTF func info but uses " - "an old, unreleased func info format: " - "this func info section will be dropped."), + ctf_err_warn (fp, 1, 0, _("linker input %s has CTF func info but uses " + "an old, unreleased func info format: " + "this func info section will be dropped."), name); } if (err != ECTF_NEXT_END) -- 2.39.0.267.g7648178303
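Review bot: the new `int err;` declared inside the loop body shadows the function-scope `err` that both the `while ((err = ctf_dynhash_next (...)) == 0)` condition and the trailing `if (err != ECTF_NEXT_END)` depend on; the inner variable only ever receives the error code from `ctf_archive_next (input->clin_arc, &j, NULL, 0, &err)` and is never read, so it adds a -Wshadow warning and a trap for anyone later adding error handling in the loop. Suggest renaming it (for example `int arc_err;`) so the two error paths are visibly distinct. Separately, the `ifp` handed back by `ctf_archive_next` is used for the header check and then dropped when the iteration is cut short with `ctf_next_destroy (j)`; worth confirming in the patch description that the archive retains ownership of that dict, since otherwise each input archive would leak one dict per link.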