* Re: [PATCH] readelf, libdw: Guard against divide by zero line_range in .debug_line.
@ 2014-11-26 19:33 Mark Wielaard
From: Mark Wielaard @ 2014-11-26 19:33 UTC (permalink / raw)
To: elfutils-devel
On Mon, Nov 24, 2014 at 02:45:05PM -0800, Roland McGrath wrote:
> Put an unlikely on all tests for bogons.
Done for all my pending bogon-detection patches and pushed them to master.
libelf: elf_getphdrnum sanity check the returned phnum result.
Use elf_getphdrnum instead of accessing ehdr->e_phnum directly.
readelf: print_attributes (-A) robustify and handle non-gnu attributes.
libelf: Copy over any leftover data from src to dest in elf_cvt_note.
readelf: Check length for nexthdr overflow in print_debug_aranges_section.
libelf: Change signed overflow check to unsigned in elf_getdata_rawchunk.
libdw: Don't assert in __libdw_getabbrev when seeing bad DWARF.
libdw: Always check __libdw_find_attr return value.
readelf, libdw: Guard against divide by zero line_range in .debug_line.
Thanks,
Mark
* Re: [PATCH] readelf, libdw: Guard against divide by zero line_range in .debug_line.
@ 2014-11-24 22:45 Roland McGrath
From: Roland McGrath @ 2014-11-24 22:45 UTC (permalink / raw)
To: elfutils-devel
Put an unlikely on all tests for bogons.
* [PATCH] readelf, libdw: Guard against divide by zero line_range in .debug_line.
@ 2014-11-24 22:39 Mark Wielaard
From: Mark Wielaard @ 2014-11-24 22:39 UTC (permalink / raw)
To: elfutils-devel
For DW_LNS_const_add_pc and special opcodes don't accept line_range
being zero.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libdw/ChangeLog | 5 +++++
libdw/dwarf_getsrclines.c | 6 ++++++
src/ChangeLog | 5 +++++
src/readelf.c | 7 +++++++
4 files changed, 23 insertions(+)
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 2241c70..3e77994 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-24 Mark Wielaard <mjw@redhat.com>
+
+ * dwarf_getsrclines.c (read_srclines): Check line_range is not zero
+ before usage.
+
2014-11-23 Mark Wielaard <mjw@redhat.com>
* dwarf_attr.c (dwarf_attr): Check __libdw_find_attr return value.
diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 15881e8..efdc00f 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -365,6 +365,9 @@ read_srclines (Dwarf *dbg,
/* Is this a special opcode? */
if (likely (opcode >= opcode_base))
{
+ if (line_range == 0)
+ goto invalid_data;
+
/* Yes. Handling this is quite easy since the opcode value
is computed with
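Review bot: The new test at the top of the special-opcode branch, if (line_range == 0), is not wrapped in unlikely (), although the enclosing test uses likely (opcode >= opcode_base) and so marks this branch as the common path. Write it as if (unlikely (line_range == 0)) goto invalid_data; so the bogus-header case stays on the cold side of a branch that runs for most opcodes.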
@@ -576,6 +579,9 @@ read_srclines (Dwarf *dbg,
if (unlikely (standard_opcode_lengths[opcode] != 0))
goto invalid_data;
+ if (line_range == 0)
+ goto invalid_data;
+
advance_pc ((255 - opcode_base) / line_range);
break;
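Review bot: This guard in front of advance_pc ((255 - opcode_base) / line_range) repeats the one added in the special-opcode branch, and it is a bare comparison while the bogon test on the line directly above it uses unlikely (). These hunks do not show where line_range is set; if it cannot change once the unit header has been read, a single check at that point would cover both divisions. If the intent is to reject only programs that actually reach a division, keep both sites but write them as if (unlikely (line_range == 0)).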
diff --git a/src/ChangeLog b/src/ChangeLog
index 19509dc..0082e65 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-24 Mark Wielaard <mjw@redhat.com>
+
+ * readelf.c (print_debug_line_section): Check line_range is not zero
+ before usage.
+
2014-11-23 Mark Wielaard <mjw@redhat.com>
* readelf.c (print_debug_aranges_section): Check length to catch
diff --git a/src/readelf.c b/src/readelf.c
index ffc14fd..7573898 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -6507,6 +6507,9 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
/* Is this a special opcode? */
if (likely (opcode >= opcode_base))
{
+ if (line_range == 0)
+ goto invalid_unit;
+
/* Yes. Handling this is quite easy since the opcode value
is computed with
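Review bot: In the special-opcode branch of print_debug_line_section the zero line_range case jumps to invalid_unit with nothing at the guard that names the cause. The hunk does not show what that label prints; if it is a generic message, someone reading readelf output for a damaged file cannot tell that line_range was the problem. A one-line comment on the guard would help, and a more specific diagnostic if the label allows one. The unlikely () wrapper applies here as well, next to the existing likely (opcode >= opcode_base).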
@@ -6682,6 +6685,10 @@ print_debug_line_section (Dwfl_Module *dwflmod, Ebl *ebl, GElf_Ehdr *ehdr,
case DW_LNS_const_add_pc:
/* Takes no argument. */
+
+ if (line_range == 0)
+ goto invalid_unit;
+
advance_pc ((255 - opcode_base) / line_range);
{
char *a = format_dwarf_addr (dwflmod, 0, address, address);
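Review bot: The zero line_range path added in the DW_LNS_const_add_pc case, like the other three guards, has no test: the diffstat lists only the two ChangeLogs, dwarf_getsrclines.c and readelf.c. A small input whose .debug_line header carries line_range 0, run through both readelf and the libdw reader, would keep these paths from regressing. As a style point, the added blank line between /* Takes no argument. */ and the guard is not needed.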
--
1.9.3
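The two divisions the patch guards, as a stand-alone added example (not code from elfutils or from this patch). The struct and function names are hypothetical, the header values are constructed, and it assumes a non-VLIW target, so the operation advance is applied directly to the address.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical subset of a .debug_line unit header; every field is read
   from the file and is therefore untrusted input.  */
struct line_hdr {
  uint8_t min_inst_len;   /* minimum_instruction_length */
  int8_t  line_base;
  uint8_t line_range;     /* divisor for both opcode kinds below */
  uint8_t opcode_base;
};

struct line_state { uint64_t address; int64_t line; };

/* Special opcode (opcode >= opcode_base), per the DWARF line program rules.
   Returns false and leaves *st untouched for a header that would divide by zero.  */
static bool apply_special_opcode(const struct line_hdr *h, uint8_t opcode,
                                 struct line_state *st)
{
  if (h->line_range == 0 || opcode < h->opcode_base)
    return false;
  unsigned adjusted = (unsigned) opcode - h->opcode_base;
  st->address += (uint64_t) (adjusted / h->line_range) * h->min_inst_len;
  st->line += h->line_base + (int) (adjusted % h->line_range);
  return true;
}

/* DW_LNS_const_add_pc: advance the address as special opcode 255 would.  */
static bool apply_const_add_pc(const struct line_hdr *h, struct line_state *st)
{
  if (h->line_range == 0)
    return false;
  st->address += (uint64_t) ((255u - h->opcode_base) / h->line_range)
                 * h->min_inst_len;
  return true;
}

int main(void)
{
  struct line_hdr good = { 1, -5, 14, 13 };   /* constructed header values */
  struct line_hdr bad  = { 1, -5, 0, 13 };    /* constructed: line_range 0 */
  struct line_state st = { 0x1000, 1 };
  printf("good: %d\n", apply_special_opcode(&good, 75, &st));
  printf("addr=0x%llx line=%lld\n", (unsigned long long) st.address,
         (long long) st.line);
  printf("bad:  %d %d\n", apply_special_opcode(&bad, 75, &st),
         apply_const_add_pc(&bad, &st));
  return 0;
}
```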