Date: Wed, 14 Oct 2020 12:36:55 +0200
From: Mark Wielaard
To: buildbot@builder.wildebeest.org
Cc: dwz@sourceware.org
Subject: Re: Buildbot failure in Wildebeest Builder on whole buildset
Message-ID: <20201014103655.GA5751@wildebeest.org>

Hi,

On Wed, Oct 14, 2020 at 12:20:39AM +0200, Mark Wielaard wrote:
> So that is obviously my last commit. Sorry. All three buildbot workers
> fail on the same testcase pr25109.sh which is no-multifile-prop. That
> testcase has an empty debug_line and no decl/call_files. It still
> generates a .debug_line entry (and because no files have been seen, it
> produces a DWARF5 line table, which might be a bug in itself). I don't
> yet understand why this fails on ppc64, ppc64le and arm64 only and not
> on any other arch. Still investigating.

That was fun. It was a buffer overflow causing some on stack variables
to change values, but for some reason only on ppc64, ppc64 and
arm64. But it should have caused issues on all arches.

Pushed the attached fix.

Cheers, Mark --FCuugMFkClbJLl1L Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0001-Fix-buffer-overflow-in-write_multifile_line.patch" >From babfff7baedefd5830340e2ad583b7732a895c49 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Wed, 14 Oct 2020 12:30:27 +0200 Subject: [PATCH] Fix buffer overflow in write_multifile_line. When writing out a "header only" .debug_line we use a small static buffer on the stack. Make sure this buffer is large enough to contain a DWARF5 empty line table header. ChangeLog: * dwz.c (write_multi_line): Extend buf to 45 chars. Add assert to check buf is large enough. --- dwz.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dwz.c b/dwz.c index 1e6ec26..f8f2910 100644 --- a/dwz.c +++ b/dwz.c @@ -14304,7 +14304,7 @@ write_multifile_line (void) struct line_entry **filearr = NULL; struct line_stats line_stats; unsigned int *diridx = NULL, *dirarr = NULL; - unsigned char buf[17]; + unsigned char buf[45]; /* Max header_len, see below. */ int ret = 0; line_stats.has_time = line_stats.has_size = false; @@ -14430,7 +14430,10 @@ write_multifile_line (void) } if (len == header_len) - line = buf; + { + line = buf; + assert (sizeof (buf) >= header_len); + } else line = (unsigned char *) obstack_alloc (&ob, len); } -- 2.20.1 --FCuugMFkClbJLl1L--
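
Review bot: in the first hunk, the new size in `unsigned char buf[45]` is a bare literal justified only by the comment "Max header_len, see below", and the header_len computation it refers to is outside the patch context. A named constant shared by the declaration and that computation, or a comment listing the DWARF5 empty line table header fields that add up to 45, would keep the two from drifting apart the way the old 17 did. Separately, the ChangeLog entry names `write_multi_line` while the function in both hunk headers is `write_multifile_line`.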
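
Review bot: in the second hunk, `assert (sizeof (buf) >= header_len)` is the only guard on the stack buffer, and it is compiled out when dwz is built with NDEBUG, so a release build would again overflow silently if header_len ever grows past 45. Consider folding the bound into the branch condition, for example `if (len == header_len && header_len <= sizeof (buf))`, so an oversized header takes the existing `obstack_alloc (&ob, len)` path instead of relying on the assert. If the assert stays, placing it before `line = buf;` reads more naturally as a precondition.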