Subject: Re: [PATCH] Error out on invalid locexpr length
From: Tom de Vries
To: jakub@redhat.com
Cc: dwz@sourceware.org
Message-ID: <161a757e-f14d-b801-9d64-73c5b1b2597f@suse.de>
In-Reply-To: <20190307071254.GA20914@delia>
Date: Tue, 01 Jan 2019 00:00:00 -0000

On 07-03-19 08:12, Tom de Vries wrote:
> Hi,
>
> When invoking dwz with a file containing an invalid locexpr length, we can run
> into this assertion:
> ...
> dwz: dwz.c:1722: read_loclist: Assertion `ptr + len <= endsec' failed.
> Aborted (core dumped)
> ...

To address your questions about origin of test-cases, in this case it's
dw2-skip-prologue.S
( https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob;f=gdb/testsuite/gdb.dwarf2/dw2-skip-prologue.S;h=cef6e6df12940744c1bc19c9e76fbeb762f80087;hb=HEAD ).

AFAIU, the invalid dwarf is hand-coded, and fixed by:
...
diff --git a/gdb/testsuite/gdb.dwarf2/dw2-skip-prologue.S b/gdb/testsuite/gdb.dwarf2/dw2-skip-prologue.S
index cef6e6df12..a55699fdc6 100644
--- a/gdb/testsuite/gdb.dwarf2/dw2-skip-prologue.S
+++ b/gdb/testsuite/gdb.dwarf2/dw2-skip-prologue.S
@@ -123,7 +123,7 @@
 	.section	.debug_loc
 loclist:
 	/* Reset the location list base address first.  */
-	.4byte	-1, 0
+	PTRBYTE	-1, 0
 	PTRBYTE	func_start, func_end
 	.2byte	2f-1f
...

Thanks,
- Tom

> Change the assert into an error:
> ...
> dwz: a.out: locexpr length 0x4ef exceeds .debug_loc section
> ...
>
> OK for trunk?
>
> Thanks,
> - Tom
>
> Error out on invalid locexpr length
>
> 2019-02-14  Tom de Vries
>
> 	PR dwz/24172
> 	* dwz.c (read_loclist): Change assert (ptr + len <= endsec) into an
> 	error.
>
> ---
>  dwz.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/dwz.c b/dwz.c
> index 4ef8657..a876ab2 100644
> --- a/dwz.c
> +++ b/dwz.c
> @@ -1719,7 +1719,13 @@ read_loclist (DSO *dso, dw_die_ref die, GElf_Addr offset)
>  	continue;
>
>        len = read_16 (ptr);
> -      assert (ptr + len <= endsec);
> +      if (!(ptr + len <= endsec))
> +	{
> +	  error (0, 0,
> +		 "%s: locexpr length 0x%Lx exceeds .debug_loc section",
> +		 dso->filename, (long long) len);
> +	  return 1;
> +	}
>
>        if (read_exprloc (dso, die, ptr, len, &need_adjust))
>  	return 1;
>
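Review bot: the new condition in the read_loclist hunk, `if (!(ptr + len <= endsec))`, reads more naturally as `if (ptr + len > endsec)`, and comparing lengths instead, `if (len > (size_t) (endsec - ptr))`, avoids forming a pointer past the section end at all when len is bogus; it would also help the user if the diagnostic included the list offset (the `offset` parameter is in scope per the hunk header) alongside the length, since the length alone does not say which entry is bad. Minor: `0x%Lx` with a `(long long)` argument relies on glibc treating `L` as `ll` for integer conversions; `0x%llx` is the portable spelling, unless dwz already uses `%Lx` throughout for consistency.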
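As an added illustration of the bounds check this patch introduces (example code written for this archive page, not dwz's own read_loclist), here is a small reader for a DWARF 2-4 .debug_loc list that handles the base address selection entry from the dw2-skip-prologue.S fix above, compares lengths rather than forming an out-of-range pointer, and reports a length such as 0x4ef as an error instead of asserting. It assumes 64-bit little-endian addresses; the section bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
static uint64_t rd64 (const unsigned char *p)   /* little-endian, unchecked */
{ uint64_t v = 0; for (int i = 8; i--;) v = v << 8 | p[i]; return v; }
static int fail (const char *what, unsigned long long v)
{ fprintf (stderr, "%s 0x%llx exceeds .debug_loc section\n", what, v); return 1; }
/* Walk one DWARF 2-4 location list at OFFSET in a .debug_loc section of
   SECLEN bytes, counting expressions in *NEXPRS.  Returns 0 if well formed,
   1 if malformed.  Every read is checked against the bytes left, so no
   pointer beyond the section end is ever formed.  Hypothetical, not dwz's.  */
int read_loclist (const unsigned char *sec, size_t seclen, size_t offset,
                  unsigned *nexprs)
{
  const unsigned char *endsec = sec + seclen, *ptr;
  *nexprs = 0;
  if (offset > seclen)
    return fail ("loclist offset", offset);
  for (ptr = sec + offset;;)
    {
      if ((size_t) (endsec - ptr) < 16)           /* low_pc + high_pc */
        return fail ("entry at offset", ptr - sec);
      uint64_t low = rd64 (ptr), high = rd64 (ptr + 8);
      ptr += 16;
      if (low == 0 && high == 0)                  /* end-of-list entry */
        return 0;
      if (low == UINT64_MAX)                      /* base address selection */
        continue;                                 /* entry: carries no expr */
      if ((size_t) (endsec - ptr) < 2)            /* 2-byte locexpr length */
        return fail ("locexpr header at offset", ptr - sec);
      size_t len = ptr[0] | (ptr[1] << 8);
      ptr += 2;
      if (len > (size_t) (endsec - ptr))          /* the check the patch adds */
        return fail ("locexpr length", len);
      ptr += len;
      (*nexprs)++;
    }
}
/* Constructed .debug_loc contents (64-bit LE), not from any real binary.  */
#define B(v, s) (unsigned char) ((uint64_t) (v) >> (s))
#define LE64(v) B (v, 0), B (v, 8), B (v, 16), B (v, 24), \
                B (v, 32), B (v, 40), B (v, 48), B (v, 56)
const unsigned char GOOD_LOC[] = {
  LE64 (-1), LE64 (0x400000),                 /* base address selection entry */
  LE64 (0x10), LE64 (0x20), 2, 0, 0x30, 0x9f, /* DW_OP_lit0, DW_OP_stack_value */
  LE64 (0), LE64 (0)                          /* end of list */
};
const unsigned char BAD_LOC[] = { LE64 (0x10), LE64 (0x20), 0xef, 0x04 }; /* 0x4ef, no bytes */
```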