References: <20230125160530.949622-1-vvvvvv@google.com> <20230211234258.GG2430@gnu.wildebeest.org>
In-Reply-To: <20230211234258.GG2430@gnu.wildebeest.org>
From: Aleksei Vetrov
Date: Mon, 13 Feb 2023 20:03:49 +0000
Subject: Re: [PATCH] libdw: check memory access in get_(u|s)leb128
To: Mark Wielaard
Cc: elfutils-devel@sourceware.org, kernel-team@android.com, maennich@google.com

Hi Mark,

On Sat, Feb 11, 2023 at 11:43 PM Mark Wielaard wrote:
> After this code we will do:
>
>   /* There might be one extra byte. */
>   unsigned char b = **addrp;
>   ++*addrp;
>
> So I think we want to catch that too. Easiest imho seems to move (and
> invert) the max check immediately after calculating max.

Thanks for finding this! Sounds good and I'm going to do this also in uleb128
for consistency. Sending updated patch in reply.
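The bounds check discussed in this message, as an added example that is not elfutils code and not part of the original thread: a signed LEB128 reader whose test on `max` sits right after `max` is computed, so it also guards the trailing one-byte read. The names `sleb128_max_len`, `sleb128_finish` and `read_sleb128` and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define SLEB128_MAX_BYTES 10 /* ceil(64 / 7) bytes encode any int64_t */

/* Bytes the decoder may touch: the encoding limit clamped to what is left. */
static size_t sleb128_max_len(const unsigned char *p, const unsigned char *end)
{
    size_t avail = p < end ? (size_t)(end - p) : 0;
    return avail < SLEB128_MAX_BYTES ? avail : SLEB128_MAX_BYTES;
}

/* Merge the final byte b into acc and sign-extend from its bit 6. */
static int sleb128_finish(uint64_t acc, unsigned char b, unsigned shift, int64_t *out)
{
    acc |= (uint64_t)(b & 0x7f) << shift;
    if ((b & 0x40) && shift + 7 < 64)
        acc |= ~(uint64_t)0 << (shift + 7);
    *out = (int64_t)acc;
    return 0;
}

/* 0 on success, -1 if empty, truncated or overlong; *addrp never passes end. */
static int read_sleb128(const unsigned char **addrp, const unsigned char *end,
                        int64_t *out)
{
    const size_t max = sleb128_max_len(*addrp, end);
    if (max == 0) /* tested right after computing max: covers loop and tail */
        return -1;
    uint64_t acc = 0;
    unsigned shift = 0;
    for (size_t i = 0; i < max - 1; ++i, shift += 7) {
        unsigned char b = *(*addrp)++;
        if ((b & 0x80) == 0)
            return sleb128_finish(acc, b, shift, out);
        acc |= (uint64_t)(b & 0x7f) << shift;
    }
    /* The one extra byte: max >= 1 guarantees *addrp < end here. */
    unsigned char b = *(*addrp)++;
    return (b & 0x80) ? -1 : sleb128_finish(acc, b, shift, out);
}

int main(void)
{
    const unsigned char buf[] = { 0xc0, 0xbb, 0x78, 0x80 }; /* constructed input */
    const unsigned char *p = buf;
    int64_t v = 0;
    int bad = read_sleb128(&p, buf + sizeof buf, &v) != 0 || v != -123456;
    return bad || read_sleb128(&p, buf + sizeof buf, &v) != -1; /* 0x80: truncated */
}
```

Without the early `max == 0` test, an empty buffer would skip the loop and still reach the trailing dereference.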