From: Ulf Hermann
Subject: [PATCH 1/2 v2] Don't overflow in __libdw_in_section
To: elfutils-devel@sourceware.org
Message-ID: <5ae489eb-3981-24b4-294a-734b1c52731d@qt.io>
Date: Fri, 08 Dec 2017 15:05:00 -0000

This exposes a bug in dwarf_formstring as detected by the dwarf-getmacros test. We cannot unconditionally assume that a string is in either the IDX_debug_info or the IDX_debug_types section as determined by cu_sec_idx. (Signed-off instead of Change-Id ...) Signed-off-by: Ulf Hermann --- libdw/ChangeLog | 4 ++++ libdw/libdwP.h | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libdw/ChangeLog b/libdw/ChangeLog index 4375244..996cd2e 100644 --- a/libdw/ChangeLog +++ b/libdw/ChangeLog 
@@ -1,3 +1,7 @@ +2017-05-09 Ulf Hermann + + * libdwP.h: Fix check for the upper border of the range in __libdw_in_section. + 2017-11-03 Mark Wielaard * dwarf_getlocation.c (__libdw_intern_expression): Handle diff --git a/libdw/libdwP.h b/libdw/libdwP.h index 78c0013..e092d8e 100644 --- a/libdw/libdwP.h +++ b/libdw/libdwP.h @@ -643,7 +643,8 @@ __libdw_in_section (Dwarf *dbg, int sec_index, if (data == NULL) return false; if (unlikely (addr < data->d_buf) - || unlikely (data->d_size - (addr - data->d_buf) < size)) + || unlikely (data->d_size < size) + || unlikely ((size_t)(addr - data->d_buf) > data->d_size - size)) { __libdw_seterrno (DWARF_E_INVALID_OFFSET); return false; -- 2.8.1.windows.1
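Review bot: In the libdw/ChangeLog hunk, the new entry is dated 2017-05-09 but is inserted above the 2017-11-03 entry, and the mail itself is dated 8 Dec 2017, so the date looks carried over from an earlier revision and should be refreshed to keep the file in order. The entry also names only the file; the neighbouring entry uses the `file (function):` form (`dwarf_getlocation.c (__libdw_intern_expression):`), so this one should read `* libdwP.h (__libdw_in_section): ...`.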
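Review bot: In the libdw/libdwP.h hunk, the rewritten condition is only safe because of its ordering, and nothing in the code says so: `data->d_size < size` has to be tested before `data->d_size - size` is evaluated, otherwise that subtraction can wrap just as the removed `data->d_size - (addr - data->d_buf) < size` did when the offset exceeded `d_size`. A short comment above the `if` stating that would keep a later reordering or simplification from reintroducing the overflow. The cast is written `(size_t)(addr - data->d_buf)` with no space after it, unlike the spacing used elsewhere in the hunk (`unlikely (`, `__libdw_seterrno (`). The commit message says the stricter check exposes a dwarf_formstring bug seen in dwarf-getmacros but not where that is fixed; since this is 1/2, the message should say so, so the patch is not applied alone with a failing test.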