From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 110238 invoked by alias); 27 Jun 2018 23:42:33 -0000 Mailing-List: contact elfutils-devel-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Subscribe: Sender: elfutils-devel-owner@sourceware.org Received: (qmail 110208 invoked by uid 89); 27 Jun 2018 23:42:32 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.4 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_NUMSUBJECT,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=cie, strangely X-Spam-Status: No, score=-26.4 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_NUMSUBJECT,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: gnu.wildebeest.org Received: from wildebeest.demon.nl (HELO gnu.wildebeest.org) (212.238.236.112) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 27 Jun 2018 23:42:30 +0000 Received: from librem.wildebeest.org (deer0x15.wildebeest.org [172.31.17.151]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 02F2330007B0; Thu, 28 Jun 2018 01:42:27 +0200 (CEST) Received: by librem.wildebeest.org (Postfix, from userid 1000) id 88CA8143717; Thu, 28 Jun 2018 01:42:27 +0200 (CEST) Date: Wed, 27 Jun 2018 23:42:00 -0000 From: Mark Wielaard To: Sasha Da Rocha Pinheiro Cc: "elfutils-devel@sourceware.org" Subject: Re: dwarf_next_cfi returns -1 Message-ID: <20180627234227.GC32460@wildebeest.org> References: <1528198037.12946.56.camel@klomp.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="1yeeQ81UyVL57Vl7" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.0 (2018-05-17) X-Spam-Flag: NO X-IsSubscribed: yes X-SW-Source: 2018-q2/txt/msg00264.txt.bz2 --1yeeQ81UyVL57Vl7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-length: 851 On Wed, Jun 27, 2018 at 11:01:25PM +0000, Sasha Da Rocha Pinheiro wrote: > This is a binary that infinite loops with dwarf_next_cfi -1 because the offset is not updated. > https://rice.box.com/s/yzul9oavplq1qdx12ozjpgssawea36xy > > A fix was done by saving the previous *next_off and comparing with the current, after getting -1 in the return value. That is probably the best way to handle that. Looking at the file I see it has (multiple) zero terminators, that dwarf_next_cfi seems to not handle. Strangely these aren't described in the Dwarf spec, but they are mentioned in the LSB exception frames spec: https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html#EHFRAME Totally untested patch attached. If you could test it that would be wonderful. I'll write a proper testcase tomorrow. Thanks, Mark --1yeeQ81UyVL57Vl7 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch Content-length: 919 diff --git a/libdw/dwarf_next_cfi.c b/libdw/dwarf_next_cfi.c index 53fc3697..fa28d99b 100644 --- a/libdw/dwarf_next_cfi.c +++ b/libdw/dwarf_next_cfi.c @@ -54,6 +54,7 @@ dwarf_next_cfi (const unsigned char e_ident[], we don't know yet whether this is a 64-bit object or not. */ || unlikely (off + 4 >= data->d_size)) { + done: *next_off = (Dwarf_Off) -1l; return 1; } @@ -79,6 +80,13 @@ dwarf_next_cfi (const unsigned char e_ident[], } length = read_8ubyte_unaligned_inc (&dw, bytes); } + + /* Not explicitly in the DWARF spec, but mentioned in the LSB exception + frames (.eh_frame) spec. If Length contains the value 0, then this + CIE shall be considered a terminator and processing shall end. */ + if (length == 0) + goto done; + if (unlikely ((uint64_t) (limit - bytes) < length) || unlikely (length < offset_size + 1)) goto invalid; --1yeeQ81UyVL57Vl7--