* [PATCH] tests: Limit varlocs print_expr_block recursion depth.
@ 2018-06-26 14:50 Mark Wielaard
2018-06-29 8:56 ` Mark Wielaard
0 siblings, 1 reply; 2+ messages in thread
From: Mark Wielaard @ 2018-06-26 14:50 UTC (permalink / raw)
To: elfutils-devel; +Cc: Mark Wielaard
This is only useful for bad DWARF where an expression block might have
an expression that refers to a DIE that contains the expression block
itself. But that might happen with bad DWARF generated by a fuzzer.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
tests/ChangeLog | 7 +++++++
tests/varlocs.c | 30 +++++++++++++++++-------------
2 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/tests/ChangeLog b/tests/ChangeLog
index c494286..8259725 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,10 @@
+2018-06-23 Mark Wielaard <mark@klomp.org>
+
+ * varlocs.c (print_expr): Take a new depth argument. Check it isn't
+ greater than MAX_DEPTH (64). Pass on to print_expr_block.
+ (print_expr_block): Take a new depth argument. Pass it to print_expr.
+ (print_expr_block_addrs): Call print_expr_block with zero depth.
+
2018-06-16 Yonghong Song <yhs@fb.com>
* run-reloc-bpf.sh: New test.
diff --git a/tests/varlocs.c b/tests/varlocs.c
index f4a711c..2512439 100644
--- a/tests/varlocs.c
+++ b/tests/varlocs.c
@@ -164,16 +164,16 @@ dwarf_opcode_string (unsigned int code)
}
// Forward reference for print_expr_block.
-static void print_expr (Dwarf_Attribute *, Dwarf_Op *, Dwarf_Addr);
+static void print_expr (Dwarf_Attribute *, Dwarf_Op *, Dwarf_Addr, int);
static void
print_expr_block (Dwarf_Attribute *attr, Dwarf_Op *exprs, int len,
- Dwarf_Addr addr)
+ Dwarf_Addr addr, int depth)
{
printf ("{");
for (int i = 0; i < len; i++)
{
- print_expr (attr, &exprs[i], addr);
+ print_expr (attr, &exprs[i], addr, depth);
printf ("%s", (i + 1 < len ? ", " : ""));
}
printf ("}");
@@ -185,13 +185,17 @@ print_expr_block_addrs (Dwarf_Attribute *attr,
Dwarf_Op *exprs, int len)
{
printf (" [%" PRIx64 ",%" PRIx64 ") ", begin, end);
- print_expr_block (attr, exprs, len, begin);
+ print_expr_block (attr, exprs, len, begin, 0);
printf ("\n");
}
static void
-print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
+print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr, int depth)
{
+#define MAX_DEPTH 64
+ if (depth++ > MAX_DEPTH)
+ error (EXIT_FAILURE, 0, "print_expr recursion depth exceeded");
+
uint8_t atom = expr->atom;
const char *opname = dwarf_opcode_string (atom);
assert (opname != NULL);
@@ -274,7 +278,7 @@ print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
addr, dwarf_errmsg (-1));
if (cfa_nops < 1)
error (EXIT_FAILURE, 0, "dwarf_frame_cfa no ops");
- print_expr_block (NULL, cfa_ops, cfa_nops, 0);
+ print_expr_block (NULL, cfa_ops, cfa_nops, 0, depth);
free (frame);
}
else if (is_ET_REL || is_debug)
@@ -343,7 +347,7 @@ print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
dwarf_errmsg (-1));
printf ("%s([%" PRIx64 "]) ", opname, dwarf_dieoffset (&call_die));
- print_expr_block (&call_attr, call_ops, call_len, addr);
+ print_expr_block (&call_attr, call_ops, call_len, addr, depth);
}
break;
@@ -458,7 +462,7 @@ print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
if (locs == 0)
printf ("<no location>"); // This means "optimized out".
else if (locs == 1)
- print_expr_block (&attrval, exprval, exprval_len, addr);
+ print_expr_block (&attrval, exprval, exprval_len, addr, depth);
else
error (EXIT_FAILURE, 0,
"dwarf_getlocation_addr attrval at addr 0x%" PRIx64
@@ -498,7 +502,7 @@ print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
if (locs == 0)
printf ("<no location>"); // This means "optimized out".
else if (locs == 1)
- print_expr_block (&attrval, exprval, exprval_len, addr);
+ print_expr_block (&attrval, exprval, exprval_len, addr, depth);
else
error (EXIT_FAILURE, 0,
"dwarf_getlocation_addr attrval at addr 0x%" PRIx64
@@ -527,7 +531,7 @@ print_expr (Dwarf_Attribute *attr, Dwarf_Op *expr, Dwarf_Addr addr)
dwarf_errmsg (-1));
printf ("%s(%zd) ", opname, entry_len);
- print_expr_block (attr, entry_ops, entry_len, addr);
+ print_expr_block (attr, entry_ops, entry_len, addr, depth);
}
break;
@@ -723,7 +727,7 @@ print_varlocs (Dwarf_Die *funcdie)
if (entrypc == 0)
printf ("XXX zero address"); // XXX bad DWARF?
else
- print_expr_block (&fb_attr, fb_expr, fb_exprlen, entrypc);
+ print_expr_block (&fb_attr, fb_expr, fb_exprlen, entrypc, 0);
printf ("\n");
}
else
@@ -736,7 +740,7 @@ print_varlocs (Dwarf_Die *funcdie)
&fb_expr, &fb_exprlen)) > 0)
{
printf (" (%" PRIx64 ",%" PRIx64 ") ", start, end);
- print_expr_block (&fb_attr, fb_expr, fb_exprlen, start);
+ print_expr_block (&fb_attr, fb_expr, fb_exprlen, start, 0);
printf ("\n");
}
@@ -940,7 +944,7 @@ handle_attr (Dwarf_Attribute *attr, void *arg)
if (res == 0)
{
printf (" ");
- print_expr_block (attr, expr, exprlen, entrypc);
+ print_expr_block (attr, expr, exprlen, entrypc, 0);
printf ("\n");
printed = true;
}
--
1.8.3.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] tests: Limit varlocs print_expr_block recursion depth.
2018-06-26 14:50 [PATCH] tests: Limit varlocs print_expr_block recursion depth Mark Wielaard
@ 2018-06-29 8:56 ` Mark Wielaard
0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2018-06-29 8:56 UTC (permalink / raw)
To: elfutils-devel
On Tue, 2018-06-26 at 16:50 +0200, Mark Wielaard wrote:
> This is only useful for bad DWARF where an expression block might have
> an expression that refers to a DIE that contains the expression block
> itself. But that might happen with bad DWARF generated by a fuzzer.
Pushed to master.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-06-29 8:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-26 14:50 [PATCH] tests: Limit varlocs print_expr_block recursion depth Mark Wielaard
2018-06-29 8:56 ` Mark Wielaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).