bpf_disasm format strings vs FORTIFY_SOURCE

bpf_disasm format strings vs FORTIFY_SOURCE

[Mark Wielaard]

[-- Attachment #1: Type: text/plain, Size: 1405 bytes --]

Hi Richard, elfutils hackers,

Fedora builds everything with -D_FORTIFY_SOURCE=2 which catches an issue
with the bpf_disasm.c printf format strings. It can most easily be seen
by compiling with CFLAGS="-g -Og -D_FORTIFY_SOURCE=2" and running the
objdump testcase from run-disasm-bpf.sh. It will crash with:
*** invalid %N$ use detected ***

This is caused by the following restriction on using the %N$ argument
selection:

  There may be no gaps in the numbers of arguments specified using '$';
  for example, if  arguments  1  and  3 are specified, argument 2 must
  also be specified somewhere in the format string.

(from man 3 printf)

Of course that is precisely the point of using the %N$ arguments in the
bpf format strings. Only use those arguments relevant for the instruction.

I was hoping there was some trick to include the other arguments anyway,
but give them a zero width or something, so they aren't actually included
in the output. But there doesn't seem to be a way.

Alternatively rearranging the arguments so optionally unused
arguments always come last also doesn't seem easily possible since
different instructions use different combinations of the dst_reg,
src_reg, imm, off or jmp label.

Maybe splitting the formats and arguments per instruction class
might help?

Does anybody see a trick to get around this format restriction?

Cheers,

Mark

Re: bpf_disasm format strings vs FORTIFY_SOURCE

[Richard Henderson]

[-- Attachment #1: Type: text/plain, Size: 279 bytes --]

On 08/08/2016 04:39 AM, Mark Wielaard wrote:
> Does anybody see a trick to get around this format restriction?

Ug, I'd forgotten about that restriction (unhelped by the code happening to 
work for x86_64).  And no, I don't see a way around it.

I'll work on a fix.


r~