[Lldb-commits] [lldb] r233886 - Add a tiny bit of hardening to the eh_frame and compact unwind parsing.

Jason Molenda jmolenda at apple.com
Wed Apr 1 21:35:32 PDT 2015


Author: jmolenda
Date: Wed Apr  1 23:35:32 2015
New Revision: 233886

URL: http://llvm.org/viewvc/llvm-project?rev=233886&view=rev
Log:
Add a tiny bit of hardening to the eh_frame and compact unwind parsing.
When we see offsets that exceed the size of our section, don't
try to use that unwind info.
<rdar://problem/20113673> 

Modified:
    lldb/trunk/source/Symbol/CompactUnwindInfo.cpp
    lldb/trunk/source/Symbol/DWARFCallFrameInfo.cpp

Modified: lldb/trunk/source/Symbol/CompactUnwindInfo.cpp
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Symbol/CompactUnwindInfo.cpp?rev=233886&r1=233885&r2=233886&view=diff
==============================================================================
--- lldb/trunk/source/Symbol/CompactUnwindInfo.cpp (original)
+++ lldb/trunk/source/Symbol/CompactUnwindInfo.cpp Wed Apr  1 23:35:32 2015
@@ -283,9 +283,17 @@ CompactUnwindInfo::ScanIndex (const Proc
 
         uint32_t indexCount = m_unwindinfo_data.GetU32(&offset);
 
-        if (m_unwind_header.version != 1)
+        if (m_unwind_header.common_encodings_array_offset > m_unwindinfo_data.GetByteSize()
+            || m_unwind_header.personality_array_offset > m_unwindinfo_data.GetByteSize()
+            || indexSectionOffset > m_unwindinfo_data.GetByteSize()
+            || offset > m_unwindinfo_data.GetByteSize())
         {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid offset encountered in compact unwind info, skipping\n");
+            // don't trust anything from this compact_unwind section if it looks
+            // blatently invalid data in the header.
             m_indexes_computed = eLazyBoolNo;
+            return;
         }
 
         // Parse the basic information from the indexes
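Review bot: The new condition replaces the removed `if (m_unwind_header.version != 1)` test rather than adding to it, so a section with an unrecognised header version is now parsed as version 1 unless that field is validated earlier, outside this hunk. Keeping both, e.g. `if (m_unwind_header.version != 1 || m_unwind_header.common_encodings_array_offset > m_unwindinfo_data.GetByteSize() || ...`, preserves the old rejection alongside the new one. The added comparisons also bound only each array's start offset, while `offset` is subsequently used to read `indexCount` entries, so a start just inside the section with a large count still runs past the end; presumably the data extractor fails safe on out-of-range reads, but an explicit extent check would reject and log that case the same way. ScanIndex's body begins and ends outside this hunk.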

Modified: lldb/trunk/source/Symbol/DWARFCallFrameInfo.cpp
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Symbol/DWARFCallFrameInfo.cpp?rev=233886&r1=233885&r2=233886&view=diff
==============================================================================
--- lldb/trunk/source/Symbol/DWARFCallFrameInfo.cpp (original)
+++ lldb/trunk/source/Symbol/DWARFCallFrameInfo.cpp Wed Apr  1 23:35:32 2015
@@ -365,6 +365,31 @@ DWARFCallFrameInfo::GetFDEIndex ()
             cie_offset = current_entry + 4 - cie_id;
         }
 
+        if (next_entry > m_cfi_data.GetByteSize() + 1)
+        {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid fde/cie next entry offset of 0x%x found in cie/fde at 0x%x\n",
+                    next_entry,
+                    current_entry);
+            // Don't trust anything in this eh_frame section if we find blatently 
+            // invalid data.
+            m_fde_index.Clear();
+            m_fde_index_initialized = true;
+            return;
+        }
+        if (cie_offset > m_cfi_data.GetByteSize())
+        {
+            Host::SystemLog (Host::eSystemLogError,
+                    "error: Invalid cie offset of 0x%x found in cie/fde at 0x%x\n",
+                    cie_offset,
+                    current_entry);
+            // Don't trust anything in this eh_frame section if we find blatently 
+            // invalid data.
+            m_fde_index.Clear();
+            m_fde_index_initialized = true;
+            return;
+        }
+
         if (cie_id == 0 || cie_id == UINT32_MAX || len == 0)
         {
             m_cie_map[current_entry] = ParseCIE (current_entry);
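Review bot: The first guard compares against `m_cfi_data.GetByteSize() + 1`, so a next_entry one byte past the end of the section is still accepted; unless the extra byte is intentional, `if (next_entry > m_cfi_data.GetByteSize())` is the tighter bound, and if it is intentional a one-line comment should say why. Likewise `cie_offset > m_cfi_data.GetByteSize()` admits `cie_offset == m_cfi_data.GetByteSize()`, where no CIE length field can be read, so `>=` is the right comparison for a start offset. The two error blocks differ only in their message and could be folded into one exit path, and if next_entry and cie_offset are 64-bit offset types the `0x%x` specifiers need the matching PRIx64 form. GetFDEIndex's body begins and ends outside this hunk.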




