From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 126907 invoked by alias); 24 Jan 2020 16:56:47 -0000 Mailing-List: contact dwz-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: dwz-owner@sourceware.org Received: (qmail 126894 invoked by uid 89); 24 Jan 2020 16:56:47 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,SPF_PASS autolearn=ham version=3.3.1 spammy= X-Spam-Status: No, score=-25.2 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,SPF_PASS autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: mx2.suse.de X-Virus-Scanned: by amavisd-new at test-mx.suse.de Date: Wed, 01 Jan 2020 00:00:00 -0000 From: Tom de Vries To: dwz@sourceware.org, jakub@redhat.com Subject: [committed] Fix segfault in die_cu Message-ID: <20200124165640.GA12407@delia> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-SW-Source: 2020-q1/txt/msg00051.txt Hi, When running dwz in normal mode, we get an error: ... $ dwz clang-offload-bundler-10.debug -lnone dwz: clang-offload-bundler-10.debug: Couldn't find DIE referenced by \ DW_OP_GNU_implicit_pointer ... but when forcing low-mem mode, we get a segfault: ... $ dwz clang-offload-bundler-10.debug -l0 Segmentation fault (core dumped) ... In normal mode, we hit the error here: ... ref = off_htab_lookup (NULL, addr); if (ref == NULL) { error (0, 0, "%s: Couldn't find DIE referenced by %s", dso->filename, get_DW_OP_str (op)); ... but for low-mem mode, this doesn't trigger, because we find the dummy DIE that has been added by read_exprloc_low_mem_phase1. Fix this by testing for the dummy DIE in the error condition: ... - if (ref == NULL) + if (ref == NULL || (unlikely (low_mem) && ref->die_tag == 0)) ... Committed to trunk. Thanks, - Tom Fix segfault in die_cu 2020-01-24 Tom de Vries PR dwz/25456 * dwz.c (read_exprloc): Test for dummy DIE in error condition. --- dwz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dwz.c b/dwz.c index b12645d..a81e42a 100644 --- a/dwz.c +++ b/dwz.c @@ -1902,7 +1902,7 @@ read_exprloc (DSO *dso, dw_die_ref die, unsigned char *ptr, size_t len, else ptr += 4; ref = off_htab_lookup (NULL, addr); - if (ref == NULL) + if (ref == NULL || (unlikely (low_mem) && ref->die_tag == 0)) { error (0, 0, "%s: Couldn't find DIE referenced by %s", dso->filename, get_DW_OP_str (op));