From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: Mark Wielaard
Subject: [PATCH] libdw: Skip zero entries in aranges
Date: Fri, 6 Oct 2023 14:03:29 +0200
Message-ID: <20231006120329.340788-1-mark@klomp.org>

An address/length entry of two zeros is supposed to mark the end of a
table. But in some cases a producer might leave zero entries in the
table (for example when using gcc -ffunction-sections -gc-sections).

Since we know the length of the table we can just skip such entries
and continue to the end.

    * libdw/dwarf_getaranges.c (dwarf_getaranges): Calculate endp.
    When seeing two zero values, check we are at endp.

https://sourceware.org/bugzilla/show_bug.cgi?id=27805

Signed-off-by: Mark Wielaard --- libdw/dwarf_getaranges.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/libdw/dwarf_getaranges.c b/libdw/dwarf_getaranges.c index de5b81ba..27439d37 100644 --- a/libdw/dwarf_getaranges.c +++ b/libdw/dwarf_getaranges.c @@ -1,5 +1,6 @@ /* Return list address ranges. Copyright (C) 2000-2010, 2016, 2017 Red Hat, Inc. + Copyright (C) 2023 Mark J. Wielaard This file is part of elfutils. Written by Ulrich Drepper , 2000. @@ -124,6 +125,10 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges) && length <= DWARF3_LENGTH_MAX_ESCAPE_CODE)) goto invalid; + const unsigned char *endp = readp + length; + if (unlikely (endp > readendp)) + goto invalid; + if (unlikely (readp + 2 > readendp)) goto invalid; @@ -182,9 +187,17 @@ dwarf_getaranges (Dwarf *dbg, Dwarf_Aranges **aranges, size_t *naranges) else range_length = read_8ubyte_unaligned_inc (dbg, readp); - /* Two zero values mark the end. */ + /* Two zero values mark the end. But in some cases (bugs) + there might be such entries in the middle of the table. + Ignore and continue, we'll check the actual length of + the table to see if we are really at the end. */ if (range_address == 0 && range_length == 0) - break; + { + if (readp >= endp) + break; + else + continue; + } /* We don't use alloca for these temporary structures because the total number of them can be quite large. */ -- 2.41.0
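
Review bot: In the hunk at -124,6 +125,10, `endp = readp + length` is computed before it is validated, and `length` is a value parsed from the input (it was just compared against DWARF3_LENGTH_MAX_ESCAPE_CODE), so a large value can wrap the pointer or form one far beyond the buffer, after which `endp > readendp` is not a reliable test. Compare the length with the space that remains instead, for example `if (unlikely (length > (size_t) (readendp - readp))) goto invalid;`, and only then set `endp`.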
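
Review bot: In the hunk at -182,9 +187,17, `readp >= endp` is tested only after a zero pair has already been read, so nothing in these lines stops a table that lacks a terminating zero pair from being read past `endp`, and a pair that leaves `readp > endp` is accepted as a normal end of table. Unless the loop head (not shown in this hunk) already bounds `readp` by `endp`, check that a full address/length pair fits before `endp` before reading it, and treat `readp > endp` as `goto invalid`. The diffstat shows one file changed, so a test case with zero entries in the middle of a table would be worth adding alongside this fix.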