From: Mark Wielaard
To: Di Chen
Cc: elfutils-devel@sourceware.org
Subject: Re: ☠ Buildbot (GNU Toolchain): elfutils - failed test (failure) (master)
Date: Mon, 1 Aug 2022 11:13:06 +0200

Hi,

On Mon, Aug 01, 2022 at 02:09:52AM +0200, Mark Wielaard wrote:
> > - 7: make check ( failure )
> >   Logs:
> >   - stdio: https://builder.sourceware.org/buildbot/#builders/43/builds/47/steps/7/logs/stdio
> >   - test-suite.log: https://builder.sourceware.org/buildbot/#builders/43/builds/47/steps/7/logs/test-suite_log
>
> So that is in the one little addition I made:
>
> -==3856043== Invalid read of size 1
> -==3856043== at 0x484EBE8: memrchr (vg_replace_strmem.c:1012)
> -==3856043== by 0x100FEDF: handle_dynamic (readelf.c:1909)
> -==3856043== by 0x102061D: print_dynamic (readelf.c:2013)
> -==3856043== by 0x102061D: process_elf_file (readelf.c:1034)
> -==3856043== by 0x1021FDB: process_dwflmod (readelf.c:818)
> -==3856043== by 0x4962BCF: dwfl_getmodules (dwfl_getmodules.c:86)
> -==3856043== by 0x100E175: process_file (readelf.c:926)
> -==3856043== by 0x1006A75: main (readelf.c:395)
> -==3856043== Address 0x56df358 is 24 bytes before a block of size 264 alloc'd
> -==3856043== at 0x484C002: calloc (vg_replace_malloc.c:1328)
> -==3856043== by 0x4A4EED9: elf_getdata_rawchunk (elf_getdata_rawchunk.c:173)
> -==3856043== by 0x1010621: get_dynscn_strtab (readelf.c:4958)
> -==3856043== by 0x1010621: handle_dynamic (readelf.c:1884)
> -==3856043== by 0x102061D: print_dynamic (readelf.c:2013)
> -==3856043== by 0x102061D: process_elf_file (readelf.c:1034)
> -==3856043== by 0x1021FDB: process_dwflmod (readelf.c:818)
> -==3856043== by 0x4962BCF: dwfl_getmodules (dwfl_getmodules.c:86)
> -==3856043== by 0x100E175: process_file (readelf.c:926)
> -==3856043== by 0x1006A75: main (readelf.c:395)
>
> I am staring at the code, but don't immediately see which mistake I
> made. Maybe I should use d_val instead of d_ptr (but those are both
> uint64_t so that shouldn't really matter).

Doh. Even though memchr searches backwards, it takes the start of the
buffer instead of the end of the buffer as argument.

Fixed as attached, also cleaned up the use of d_val vs d_ptr.

Pushed after verifying with a try-build that it really fixes the issue.

Cheers,

Mark

From d0ff4e224738adf34eba38dc33ffda67e5da6634 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Mon, 1 Aug 2022 02:02:16 +0200
Subject: [PATCH] readelf: memrchr searches backwards but takes the start buf as argument

The bug (caught by valgrind) was giving memrchr to end of the buffer.

Also as cleanup, Use d_val not d_ptr for calculating offset.
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog index db20a6ef..42ce6640 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,8 @@ +2022-08-01 Mark Wielaard + + * readelf.c (handle_dynamic): Pass start of buffer to memrchr. + Use dyn->d_un.d_val for offsets instead of d_ptr. + 2022-04-28 Di Chen * readelf.c (options): Add use-dynamic 'D'. diff --git a/src/readelf.c b/src/readelf.c index f4d973da..f1f77ce8 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -1905,10 +1905,10 @@ handle_dynamic (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, GElf_Phdr *phdr) { if (! use_dynamic_segment) name = elf_strptr (ebl->elf, shdr->sh_link, dyn->d_un.d_val); - else if (dyn->d_un.d_ptr < strtab_data->d_size - && memrchr (strtab_data->d_buf + strtab_data->d_size - 1, '\0', - strtab_data->d_size - 1 - dyn->d_un.d_ptr) != NULL) - name = ((char *) strtab_data->d_buf) + dyn->d_un.d_ptr; + else if (dyn->d_un.d_val < strtab_data->d_size + && memrchr (strtab_data->d_buf + dyn->d_un.d_val, '\0', + strtab_data->d_size - 1 - dyn->d_un.d_val) != NULL) + name = ((char *) strtab_data->d_buf) + dyn->d_un.d_val; } switch (dyn->d_tag) -- 2.30.2 --UMZMLIk4LAN2+w96--
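
Review bot: in the handle_dynamic hunk of src/readelf.c, the length passed to memrchr is still `strtab_data->d_size - 1 - dyn->d_un.d_val`, so the search covers offsets d_val through d_size - 2 and never looks at the final byte of the string table. A name whose only terminating NUL is that last byte (including d_val == d_size - 1, where the length is 0) is rejected even though it is properly terminated; `strtab_data->d_size - dyn->d_un.d_val` would cover the whole tail and stays in bounds because d_val < d_size is checked first. Two smaller points on the same lines: the check only needs some NUL at or after d_val, so plain memchr would express that more directly than memrchr, and `strtab_data->d_buf + dyn->d_un.d_val` does arithmetic on d_buf without the `(char *)` cast that the following `name = ...` line applies.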