[libcxx-commits] [PATCH] D66904: [libunwind] Fix memory leak in handling of DW_CFA_remember_state and DW_CFA_restore_state
Jorge Gorbe Moya via Phabricator via libcxx-commits
libcxx-commits at lists.llvm.org
Fri Nov 15 13:39:31 PST 2019
jgorbe updated this revision to Diff 229635.
jgorbe marked an inline comment as done.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D66904/new/
https://reviews.llvm.org/D66904
Files:
libunwind/src/DwarfParser.hpp
libunwind/test/remember_state_leak.pass.sh.s
Index: libunwind/test/remember_state_leak.pass.sh.s
===================================================================
--- /dev/null
+++ libunwind/test/remember_state_leak.pass.sh.s
@@ -0,0 +1,56 @@
+# REQUIRES: x86, linux
+# RUN: %build -target x86_64-unknown-linux-gnu
+# RUN: %run
+
+# The following assembly is a translation of this code:
+#
+# _Unwind_Reason_Code callback(int, _Unwind_Action, long unsigned int,
+# _Unwind_Exception*, _Unwind_Context*, void*) {
+# return _Unwind_Reason_Code(0);
+# }
+#
+# int main() {
+# asm(".cfi_remember_state\n\t");
+# _Unwind_Exception exc;
+# _Unwind_ForcedUnwind(&exc, callback, 0);
+# asm(".cfi_restore_state\n\t");
+# }
+#
+# When unwinding, the CFI parser will stop parsing opcodes after the current PC,
+# so in this case the DW_CFA_restore_state opcode will never be processed and,
+# if the library doesn't clean up properly, the store allocated by
+# DW_CFA_remember_state will be leaked.
+#
+# This test will fail when linked with an asan-enabled libunwind if the
+# remembered state is leaked.
+
+ SIZEOF_UNWIND_EXCEPTION = 32
+
+ .text
+callback:
+ xorl %eax, %eax
+ retq
+
+ .globl main # -- Begin function main
+ .p2align 4, 0x90
+ .type main, at function
+main: # @main
+ .cfi_startproc
+ subq $8, %rsp # Adjust stack alignment
+ subq $SIZEOF_UNWIND_EXCEPTION, %rsp
+ .cfi_def_cfa_offset 48
+ .cfi_remember_state
+ movq %rsp, %rdi
+ movabsq $callback, %rsi
+ xorl %edx, %edx
+ callq _Unwind_ForcedUnwind
+ .cfi_restore_state
+ xorl %eax, %eax
+ addq $SIZEOF_UNWIND_EXCEPTION, %rsp
+ addq $8, %rsp # Undo stack alignment adjustment
+ .cfi_def_cfa_offset 8
+ retq
+.Lfunc_end1:
+ .size main, .Lfunc_end1-main
+ .cfi_endproc
+ # -- End function
Index: libunwind/src/DwarfParser.hpp
===================================================================
--- libunwind/src/DwarfParser.hpp
+++ libunwind/src/DwarfParser.hpp
@@ -360,13 +360,25 @@
PrologInfoStackEntry *rememberStack = NULL;
// parse CIE then FDE instructions
- return parseInstructions(addressSpace, cieInfo.cieInstructions,
- cieInfo.cieStart + cieInfo.cieLength, cieInfo,
- (pint_t)(-1), rememberStack, arch, results) &&
- parseInstructions(addressSpace, fdeInfo.fdeInstructions,
- fdeInfo.fdeStart + fdeInfo.fdeLength, cieInfo,
- upToPC - fdeInfo.pcStart, rememberStack, arch,
- results);
+ bool returnValue =
+ parseInstructions(addressSpace, cieInfo.cieInstructions,
+ cieInfo.cieStart + cieInfo.cieLength, cieInfo,
+ (pint_t)(-1), rememberStack, arch, results) &&
+ parseInstructions(addressSpace, fdeInfo.fdeInstructions,
+ fdeInfo.fdeStart + fdeInfo.fdeLength, cieInfo,
+ upToPC - fdeInfo.pcStart, rememberStack, arch, results);
+
+ // Clean up rememberStack. Even in the case where every DW_CFA_remember_state
+ // is paired with a DW_CFA_restore_state, parseInstructions can skip restore
+ // opcodes if it reaches the target PC and stops interpreting, so we have to
+ // make sure we don't leak memory.
+ while (rememberStack) {
+ PrologInfoStackEntry *next = rememberStack->next;
+ free(rememberStack);
+ rememberStack = next;
+ }
+
+ return returnValue;
}
/// "run" the DWARF instructions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D66904.229635.patch
Type: text/x-patch
Size: 3654 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libcxx-commits/attachments/20191115/f21ee0fa/attachment-0001.bin>
More information about the libcxx-commits
mailing list