libbacktrace patch RFC: check size passed to backtrace_get

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

* libbacktrace patch RFC: check size passed to backtrace_get_view
@ 2019-01-18 15:40 Ian Lance Taylor
  2019-01-18 16:18 ` Tom de Vries
  0 siblings, 1 reply; 3+ messages in thread
From: Ian Lance Taylor @ 2019-01-18 15:40 UTC (permalink / raw)
  To: Tom de Vries; +Cc: gcc-patches

[-- Attachment #1: Type: text/plain, Size: 520 bytes --]

I agree that checking the size passed to backtrace_get_view seems like
the most reliable approach to avoid problems with large files on
32-bit systems.  How does this patch look?

Ian


2019-01-18  Ian Lance Taylor  <iant@golang.org>

PR libbacktrace/88890
* mmapio.c (backtrace_get_view): Change size parameter to
uint64_t.  Check that value fits in size_t.
* read.c (backtrace_get_view): Likewise.
* internal.h (backtrace_get_view): Update declaration.
* elf.c (elf_add): Pass shstrhdr->sh_size to backtrace_get_view.

[-- Attachment #2: patch.txt --]
[-- Type: text/plain, Size: 2553 bytes --]

Index: elf.c
===================================================================
--- elf.c	(revision 268078)
+++ elf.c	(working copy)
@@ -2813,7 +2813,7 @@ elf_add (struct backtrace_state *state,
   shstr_size = shstrhdr->sh_size;
   shstr_off = shstrhdr->sh_offset;
 
-  if (!backtrace_get_view (state, descriptor, shstr_off, shstr_size,
+  if (!backtrace_get_view (state, descriptor, shstr_off, shstrhdr->sh_size,
 			   error_callback, data, &names_view))
     goto fail;
   names_view_valid = 1;
Index: internal.h
===================================================================
--- internal.h	(revision 268078)
+++ internal.h	(working copy)
@@ -179,7 +179,7 @@ struct backtrace_view
 /* Create a view of SIZE bytes from DESCRIPTOR at OFFSET.  Store the
    result in *VIEW.  Returns 1 on success, 0 on error.  */
 extern int backtrace_get_view (struct backtrace_state *state, int descriptor,
-			       off_t offset, size_t size,
+			       off_t offset, uint64_t size,
 			       backtrace_error_callback error_callback,
 			       void *data, struct backtrace_view *view);
 
Index: mmapio.c
===================================================================
--- mmapio.c	(revision 268078)
+++ mmapio.c	(working copy)
@@ -51,7 +51,7 @@ POSSIBILITY OF SUCH DAMAGE.  */
 
 int
 backtrace_get_view (struct backtrace_state *state ATTRIBUTE_UNUSED,
-		    int descriptor, off_t offset, size_t size,
+		    int descriptor, off_t offset, uint64_t size,
 		    backtrace_error_callback error_callback,
 		    void *data, struct backtrace_view *view)
 {
@@ -60,6 +60,12 @@ backtrace_get_view (struct backtrace_sta
   off_t pageoff;
   void *map;
 
+  if ((uint64_t) (size_t) size != size)
+    {
+      error_callback (data, "file size too large", 0);
+      return 0;
+    }
+
   pagesize = getpagesize ();
   inpage = offset % pagesize;
   pageoff = offset - inpage;
Index: read.c
===================================================================
--- read.c	(revision 268078)
+++ read.c	(working copy)
@@ -46,12 +46,18 @@ POSSIBILITY OF SUCH DAMAGE.  */
 
 int
 backtrace_get_view (struct backtrace_state *state, int descriptor,
-		    off_t offset, size_t size,
+		    off_t offset, uint64_t size,
 		    backtrace_error_callback error_callback,
 		    void *data, struct backtrace_view *view)
 {
   ssize_t got;
 
+  if ((uint64_t) (size_t) size != size)
+    {
+      error_callback (data, "file size too large", 0);
+      return 0;
+    }
+
   if (lseek (descriptor, offset, SEEK_SET) < 0)
     {
       error_callback (data, "lseek", errno);

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: libbacktrace patch RFC: check size passed to backtrace_get_view
  2019-01-18 15:40 libbacktrace patch RFC: check size passed to backtrace_get_view Ian Lance Taylor
@ 2019-01-18 16:18 ` Tom de Vries
  2019-01-18 17:16   ` Ian Lance Taylor
  0 siblings, 1 reply; 3+ messages in thread
From: Tom de Vries @ 2019-01-18 16:18 UTC (permalink / raw)
  To: Ian Lance Taylor; +Cc: gcc-patches

On 18-01-19 16:40, Ian Lance Taylor wrote:
>  int
>  backtrace_get_view (struct backtrace_state *state ATTRIBUTE_UNUSED,
> -		    int descriptor, off_t offset, size_t size,
> +		    int descriptor, off_t offset, uint64_t size,
>  		    backtrace_error_callback error_callback,
>  		    void *data, struct backtrace_view *view)
>  {
> @@ -60,6 +60,12 @@ backtrace_get_view (struct backtrace_sta
>    off_t pageoff;
>    void *map;
>  
> +  if ((uint64_t) (size_t) size != size)
> +    {
> +      error_callback (data, "file size too large", 0);
> +      return 0;
> +    }
> +

Agreed, this will fix the PR.

There's a cornercase I'm not sure is worth bothering about, but given
that this is an RFC: in the case of 32-bit systems with 32-bit
filesystem, there will be a range of numbers that fit in size_t, but are
too large for off_t (both 32-bit but size_t unsigned and off_t signed),
so in that case, the file size is too large, but we're not detecting
that here. Though I think that should be handled in the subsequent mmap
(or, in the case of read.c, in the subsequent read(), though I'm
guessing the earlier backtrace_alloc > 2GB will already fail).

Thanks,
- Tom

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: libbacktrace patch RFC: check size passed to backtrace_get_view
  2019-01-18 16:18 ` Tom de Vries
@ 2019-01-18 17:16   ` Ian Lance Taylor
  0 siblings, 0 replies; 3+ messages in thread
From: Ian Lance Taylor @ 2019-01-18 17:16 UTC (permalink / raw)
  To: Tom de Vries; +Cc: gcc-patches

On Fri, Jan 18, 2019 at 8:18 AM Tom de Vries <tdevries@suse.de> wrote:
>
> On 18-01-19 16:40, Ian Lance Taylor wrote:
> >  int
> >  backtrace_get_view (struct backtrace_state *state ATTRIBUTE_UNUSED,
> > -                 int descriptor, off_t offset, size_t size,
> > +                 int descriptor, off_t offset, uint64_t size,
> >                   backtrace_error_callback error_callback,
> >                   void *data, struct backtrace_view *view)
> >  {
> > @@ -60,6 +60,12 @@ backtrace_get_view (struct backtrace_sta
> >    off_t pageoff;
> >    void *map;
> >
> > +  if ((uint64_t) (size_t) size != size)
> > +    {
> > +      error_callback (data, "file size too large", 0);
> > +      return 0;
> > +    }
> > +
>
> Agreed, this will fix the PR.

Thanks.  Committed to mainline.

> There's a cornercase I'm not sure is worth bothering about, but given
> that this is an RFC: in the case of 32-bit systems with 32-bit
> filesystem, there will be a range of numbers that fit in size_t, but are
> too large for off_t (both 32-bit but size_t unsigned and off_t signed),
> so in that case, the file size is too large, but we're not detecting
> that here. Though I think that should be handled in the subsequent mmap
> (or, in the case of read.c, in the subsequent read(), though I'm
> guessing the earlier backtrace_alloc > 2GB will already fail).

Yeah, I'm not worried about that case.  A system with a signed 32-bit
off_t can't really support files larger than 2G anyhow, since for
larger files the struct stat st_size field will be negative.

Ian

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-01-18 17:16 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-18 15:40 libbacktrace patch RFC: check size passed to backtrace_get_view Ian Lance Taylor
2019-01-18 16:18 ` Tom de Vries
2019-01-18 17:16   ` Ian Lance Taylor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).