[Lldb-commits] [lldb] 62c7475 - Check if null buffer handed to SBProcess::ReadMemory

Jason Molenda via lldb-commits lldb-commits at lists.llvm.org
Tue Feb 7 14:16:11 PST 2023


Author: Jason Molenda
Date: 2023-02-07T14:16:04-08:00
New Revision: 62c747517cd9a0d57f198e0fd0984f71fe75240f

URL: https://github.com/llvm/llvm-project/commit/62c747517cd9a0d57f198e0fd0984f71fe75240f
DIFF: https://github.com/llvm/llvm-project/commit/62c747517cd9a0d57f198e0fd0984f71fe75240f.diff

LOG: Check if null buffer handed to SBProcess::ReadMemory

Add a check for a null destination buffer in SBProcess::ReadMemory,
and return an error if that happens.  If a Python SB API script
tries to allocate a huge amount of memory, the malloc done by the
intermediate layers will fail and will hand a null pointer to
ReadMemory.  lldb will eventually crash trying to write into that
buffer.

Also add a test that tries to allocate an impossibly large amount
of memory, and hopefully should result in a failed malloc and hitting
this error codepath.

Differential Revision: https://reviews.llvm.org/D143012
rdar://104846609

Added: 
    

Modified: 
    lldb/source/API/SBProcess.cpp
    lldb/test/API/python_api/process/TestProcessAPI.py

Removed: 
    


################################################################################
diff  --git a/lldb/source/API/SBProcess.cpp b/lldb/source/API/SBProcess.cpp
index 1a7881ccb11f2..5c8f17fa97fb1 100644
--- a/lldb/source/API/SBProcess.cpp
+++ b/lldb/source/API/SBProcess.cpp
@@ -802,8 +802,13 @@ size_t SBProcess::ReadMemory(addr_t addr, void *dst, size_t dst_len,
                              SBError &sb_error) {
   LLDB_INSTRUMENT_VA(this, addr, dst, dst_len, sb_error);
 
-  size_t bytes_read = 0;
+  if (!dst) {
+    sb_error.SetErrorStringWithFormat(
+        "no buffer provided to read %zu bytes into", dst_len);
+    return 0;
+  }
 
+  size_t bytes_read = 0;
   ProcessSP process_sp(GetSP());
 
 

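Review bot: The new `if (!dst)` guard at the top of SBProcess::ReadMemory also fires when dst_len is 0, so a caller that passes a null buffer for a zero-length read now gets an error even though nothing needs to be written. Consider `if (!dst && dst_len > 0)`, or document on the API that a null dst is always an error. The message "no buffer provided to read %zu bytes into" could also name the likely cause given in the commit log (a failed allocation in the intermediate layer), since a Python caller never passes a buffer explicitly and will not know what "no buffer provided" refers to.
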
diff  --git a/lldb/test/API/python_api/process/TestProcessAPI.py b/lldb/test/API/python_api/process/TestProcessAPI.py
index cf05335b23840..36291fcc66b8a 100644
--- a/lldb/test/API/python_api/process/TestProcessAPI.py
+++ b/lldb/test/API/python_api/process/TestProcessAPI.py
@@ -72,6 +72,20 @@ def test_read_memory(self):
             exe=False,
             startstr=b'x')
 
+        # Try to read an impossibly large amount of memory; swig
+        # will try to malloc it and fail, we should get an error 
+        # result.
+        error = lldb.SBError()
+        content = process.ReadMemory(
+                val.AddressOf().GetValueAsUnsigned(), 
+                0xffffffffffffffe8, error)
+        if error.Success():
+            self.assertFalse(error.Success(), "SBProcessReadMemory claims to have "
+                      "successfully read 0xffffffffffffffe8 bytes")
+        if self.TraceOn():
+            print("Tried to read 0xffffffffffffffe8 bytes, got error message: ",
+                  error.GetCString())
+
         # Read (char *)my_char_ptr.
         val = frame.FindValue("my_char_ptr", lldb.eValueTypeVariableGlobal)
         self.DebugSBValue(val)
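
Review bot: In the added test block, the `if error.Success():` guard around `self.assertFalse(error.Success(), ...)` is redundant, because the assertion fails in exactly that case and no other; call it unconditionally. `content` is assigned but never examined, so the test does not confirm that no data comes back alongside the error; an assertion on it would close that gap. The failure message reads "SBProcessReadMemory" where SBProcess.ReadMemory is meant, and the second comment line and the `val.AddressOf().GetValueAsUnsigned(), ` line carry trailing whitespace.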


        

