[libunwind] 82576d6 - [libunwind] Fix UB in EHHeaderParser::findFDE
Jorge Gorbe Moya via cfe-commits
cfe-commits at lists.llvm.org
Tue Apr 7 14:47:37 PDT 2020
Author: Jorge Gorbe Moya
Date: 2020-04-07T14:44:42-07:00
New Revision: 82576d6fecfec71725eb900111c000d772002449
URL: https://github.com/llvm/llvm-project/commit/82576d6fecfec71725eb900111c000d772002449
DIFF: https://github.com/llvm/llvm-project/commit/82576d6fecfec71725eb900111c000d772002449.diff
LOG: [libunwind] Fix UB in EHHeaderParser::findFDE
When the EHHeaderInfo object filled by decodeEHHdr has fde_count == 0,
findFDE does the following:

- sets low = 0 and len = hdrInfo.fde_count as a preparation to start a
  binary search
- because len is 0, the binary search loop is skipped
- the code still tries to find a table entry at
  hdrInfo.table + low * tableEntrySize, and decode it.

This is wrong when fde_count is 0, and trying to decode a table entry
that isn't there will lead to reading garbage offsets and can cause
segfaults.
Differential Revision: https://reviews.llvm.org/D77679
Added:
Modified:
libunwind/src/EHHeaderParser.hpp
Removed:
################################################################################
diff --git a/libunwind/src/EHHeaderParser.hpp b/libunwind/src/EHHeaderParser.hpp
index 0101835b8e63..f97cca54825f 100644
--- a/libunwind/src/EHHeaderParser.hpp
+++ b/libunwind/src/EHHeaderParser.hpp
@@ -109,6 +109,8 @@ bool EHHeaderParser<A>::findFDE(A &addressSpace, pint_t pc, pint_t ehHdrStart,
hdrInfo))
return false;
+ if (hdrInfo.fde_count == 0) return false;
+
size_t tableEntrySize = getTableEntrySize(hdrInfo.table_enc);
pint_t tableEntry;
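
Review bot: The new guard `if (hdrInfo.fde_count == 0) return false;` carries no comment explaining why an empty table has to be rejected before `getTableEntrySize(hdrInfo.table_enc)` and the table-entry decode described in the log message. A short comment above it, saying that the search table has no entries and so there is nothing to decode at `hdrInfo.table`, would keep a later refactor from dropping the check. Consider also moving `return false;` onto its own line to match the `return false;` just above it, and adding a regression test that feeds findFDE a header with fde_count == 0, since the commit modifies only EHHeaderParser.hpp.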