public inbox for gdb-patches@sourceware.org
From: Tom Tromey <tom@tromey.com>
To: "Willgerodt, Felix" <felix.willgerodt@intel.com>
Cc: Tom Tromey <tom@tromey.com>,  Keith Seitz <keiths@redhat.com>,
	"gdb-patches@sourceware.org" <gdb-patches@sourceware.org>
Subject: Re: [PATCH 1/1] gdb: Fix segfault with a negative .dynamic section size
Date: Tue, 14 Nov 2023 09:29:35 -0700	[thread overview]
Message-ID: <87il64pac0.fsf@tromey.com> (raw)
In-Reply-To: <MN2PR11MB45667FCFEFD234B74F1D989E8EB2A@MN2PR11MB4566.namprd11.prod.outlook.com> (Felix Willgerodt's message of "Tue, 14 Nov 2023 15:41:00 +0000")

>>>>> Willgerodt, Felix <felix.willgerodt@intel.com> writes:

> BFD is checking the section size against the file size two times and once
> it checks if the section size is staying in the ELF segments region.
> I don't think another warning from GDB would help.  Or what GDB at this
> part of the code could do differently if it encounters such a thing.

Ok, I understand the problem now, I think.

bfd_get_section_contents does the size check -- but the buffer for the
contents must be allocated before this call.  So, this approach is
forced on us by BFD's API.

Maybe changing that would be good, but meh, (1) changing BFD can be
difficult, and (2) it seems like a lot of work for fuzzer input.

I do wonder now why gdb generally uses bfd_get_section_contents and not
bfd_get_full_section_contents, as the latter supports decompression while
the former does not.

Tom
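
Added illustration, not code from GDB or BFD: the ordering the mail describes, in C. read_section_checked bounds the header's claimed size against the real file size before the contents buffer exists; read_section_alloc_first is the opposite shape, where a caller-supplied buffer is sized from the header before any range check runs, so a .dynamic size of -1 (2^64-1 unsigned) reaches the allocator. The descriptor fields, function names and the 64-byte "file" are assumptions constructed for the example; it is not a real ELF image.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of validating one section header against the file it came from. */
enum section_status {
    SECTION_OK = 0,
    SECTION_OFFSET_PAST_EOF,
    SECTION_SIZE_PAST_EOF,    /* also catches "negative" sizes: huge when unsigned */
    SECTION_ALLOC_FAILED
};

/* A size field is "negative" when a signed reader would see it below zero.
   As an unsigned byte count it is simply enormous. */
bool size_is_negative(uint64_t size)
{
    return (int64_t) size < 0;
}

/* Validate [offset, offset + size) against the real file size before any
   allocation. Subtraction instead of offset + size so the sum cannot wrap. */
enum section_status section_check(uint64_t offset, uint64_t size, uint64_t file_size)
{
    if (offset > file_size)
        return SECTION_OFFSET_PAST_EOF;
    if (size > file_size - offset)
        return SECTION_SIZE_PAST_EOF;
    return SECTION_OK;
}

/* Check-then-allocate. The header's claimed size reaches malloc only after
   it has been bounded by file_size. Returns a malloc'd copy (caller frees)
   or NULL with *status set. Assumes a 64-bit size_t. */
unsigned char *read_section_checked(const unsigned char *file, uint64_t file_size,
                                    uint64_t offset, uint64_t size,
                                    enum section_status *status)
{
    *status = section_check(offset, size, file_size);
    if (*status != SECTION_OK)
        return NULL;
    unsigned char *buf = malloc(size ? (size_t) size : 1);
    if (buf == NULL) {
        *status = SECTION_ALLOC_FAILED;
        return NULL;
    }
    memcpy(buf, file + offset, (size_t) size);
    return buf;
}

/* Allocate-then-check: the ordering the mail says the BFD API forces on the
   caller. A header claiming size (uint64_t)-1 asks malloc for 2^64-1 bytes
   before any range check. The NULL is reported rather than dereferenced, so
   this variant does not crash, but the bogus size already hit the allocator. */
enum section_status read_section_alloc_first(const unsigned char *file, uint64_t file_size,
                                             uint64_t offset, uint64_t size,
                                             unsigned char **out)
{
    *out = NULL;
    unsigned char *buf = malloc(size ? (size_t) size : 1);   /* size unchecked */
    if (buf == NULL)
        return SECTION_ALLOC_FAILED;
    enum section_status st = section_check(offset, size, file_size);
    if (st != SECTION_OK) {
        free(buf);
        return st;
    }
    memcpy(buf, file + offset, (size_t) size);
    *out = buf;
    return SECTION_OK;
}

/* Constructed 64-byte stand-in for an input file: byte i holds the value i. */
#define DEMO_FILE_SIZE 64
static void demo_fill(unsigned char *file)
{
    for (int i = 0; i < DEMO_FILE_SIZE; i++)
        file[i] = (unsigned char) i;
}

/* Hypothetical .dynamic header at offset 16 whose size is -1 as int64. */
enum section_status demo_negative_dynamic_checked(void)
{
    unsigned char file[DEMO_FILE_SIZE];
    demo_fill(file);
    enum section_status st;
    unsigned char *buf = read_section_checked(file, DEMO_FILE_SIZE, 16, (uint64_t) -1, &st);
    free(buf);   /* NULL on rejection; free(NULL) is a no-op */
    return st;
}

/* Sane 32-byte .dynamic at offset 16: bytes 16..47 sum to 1008. */
int demo_good_dynamic_sum(void)
{
    unsigned char file[DEMO_FILE_SIZE];
    demo_fill(file);
    enum section_status st;
    unsigned char *buf = read_section_checked(file, DEMO_FILE_SIZE, 16, 32, &st);
    if (buf == NULL)
        return -1;
    int sum = 0;
    for (int i = 0; i < 32; i++)
        sum += buf[i];
    free(buf);
    return sum;
}

int main(void)
{
    unsigned char file[DEMO_FILE_SIZE], *out;
    demo_fill(file);
    printf("checked, size -1: status %d\n", demo_negative_dynamic_checked());
    printf("alloc-first, size -1: status %d\n",
           read_section_alloc_first(file, DEMO_FILE_SIZE, 16, (uint64_t) -1, &out));
    printf("checked, sane header: byte sum %d\n", demo_good_dynamic_sum());
    return 0;
}
```

The checked path never lets the allocator see the header's value; the alloc-first path depends on malloc failing cleanly for the oversized request, which is exactly the step that a caller-supplied buffer (or a stack allocation) does not get for free.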

Thread overview: 10+ messages
2023-11-10  9:16 Felix Willgerodt
2023-11-10 19:00 ` Keith Seitz
2023-11-13  9:58   ` Willgerodt, Felix
2023-11-13 17:15     ` Tom Tromey
2023-11-14 15:41       ` Willgerodt, Felix
2023-11-14 16:29         ` Tom Tromey [this message]
2023-11-15  8:51           ` Willgerodt, Felix
2023-11-15 14:52             ` Tom Tromey
2023-11-13 15:59   ` Willgerodt, Felix
2023-11-13 17:16 ` Tom Tromey
