[Lldb-commits] [PATCH] D154907: [LLDB] Fix buffer overflow problem in DWARFExpression::Evaluate (2nd attempt)

David Blaikie via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Wed Jul 19 11:01:29 PDT 2023


dblaikie added a comment.

In D154907#4487335 <https://reviews.llvm.org/D154907#4487335>, @jasonmolenda wrote:

> This looks good to me, thanks for digging in Caroline!  Is there a naughty compiler emitting this, or are we mis-parsing somehow?



In D154907#4487523 <https://reviews.llvm.org/D154907#4487523>, @cmtice wrote:

> Thanks Jason. I think the compiler is generating some bad DWARF.  David Blaikie was investigating that on our end, but he's on vacation this week.

Yep - something in libc++ built with clang:

                DW_AT_name        ("third_party/llvm/llvm-project/libcxx/src/ios.instantiations.cpp")
                       [0x000000002b32cf96, 0x000000002b32d0e9): DW_OP_breg6 RBP-52, DW_OP_deref_size 0x10, DW_OP_stack_value)
                       [0x000000002b32d116, 0x000000002b32d265): DW_OP_breg6 RBP-56, DW_OP_deref_size 0x10, DW_OP_stack_value)
                          DW_AT_location  (DW_OP_fbreg -56, DW_OP_deref_size 0x10, DW_OP_stack_value)
                       [0x000000002b331396, 0x000000002b3314e6): DW_OP_breg6 RBP-52, DW_OP_deref_size 0x10, DW_OP_stack_value)
                       [0x000000002b331516, 0x000000002b331662): DW_OP_breg6 RBP-56, DW_OP_deref_size 0x10, DW_OP_stack_value)
                          DW_AT_location  (DW_OP_fbreg -56, DW_OP_deref_size 0x10, DW_OP_stack_value)
  --
                DW_AT_name        ("third_party/llvm/llvm-project/libcxx/src/locale.cpp")
                       [0x000000002b34146b, 0x000000002b341623): DW_OP_breg6 RBP-48, DW_OP_deref_size 0x10, DW_OP_stack_value
                       [0x000000002b3416d7, 0x000000002b3417e7): DW_OP_breg6 RBP-48, DW_OP_deref_size 0x10, DW_OP_stack_value
                       [0x000000002b342b2b, 0x000000002b342cdd): DW_OP_breg6 RBP-48, DW_OP_deref_size 0x10, DW_OP_stack_value
                       [0x000000002b342d96, 0x000000002b342ea6): DW_OP_breg6 RBP-48, DW_OP_deref_size 0x10, DW_OP_stack_value

I haven't isolated this - got to extract/figure out how our libc++ is built, etc.



================
Comment at: lldb/source/Expression/DWARFExpression.cpp:1082-1089
         void *src = (void *)stack.back().GetScalar().ULongLong();
         intptr_t ptr;
         ::memcpy(&ptr, src, sizeof(void *));
         // I can't decide whether the size operand should apply to the bytes in
         // their
         // lldb-host endianness or the target endianness.. I doubt this'll ever
         // come up but I'll opt for assuming big endian regardless.
----------------
Just as an aside - isn't this code doing an illegal load widening? If the pointer pointed to the end of a page or something, and asked for only one byte - reading extra bytes would be bad (similarly would cause a segfault/UB/etc), right?

(& I'm not sure I understand the comment about endianness - the operation reads that many bytes from the given address)


Repository:
  rG LLVM Github Monorepo


https://reviews.llvm.org/D154907
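As an added example (not lldb's code and not part of this review), a bounds-checked DW_OP_deref_size read that covers both hazards discussed above: it rejects a size operand larger than the 8-byte destination, such as the 0x10 in the dump, and it copies only the requested bytes, so a 1-byte read at the end of a readable region is never widened into the bytes beyond it. The MemRegion window type, the little-endian target, and the sample bytes are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A readable window of target memory (hypothetical; not lldb's memory API). */
typedef struct {
    const uint8_t *base; /* host buffer backing the window */
    uint64_t addr;       /* target address of base[0] */
    size_t len;          /* number of readable bytes */
} MemRegion;

/* DW_OP_deref_size: read exactly `size` bytes at `addr` and zero-extend them to
 * 64 bits (little-endian target assumed). Returns false instead of reading out
 * of bounds. Two checks matter: the size operand must fit the destination (the
 * 0x10 seen in the bad DWARF would overflow an 8-byte value), and the copy must
 * be `size` bytes, not sizeof(void *), so the read never widens past the end of
 * the readable window. */
bool deref_size(const MemRegion *mem, uint64_t addr, uint8_t size, uint64_t *out) {
    if (size == 0 || size > sizeof(*out))
        return false;
    if (addr < mem->addr)
        return false;
    uint64_t off = addr - mem->addr;
    if (off > mem->len || (uint64_t)size > mem->len - off)
        return false; /* would run past the end of the readable window */
    uint8_t tmp[sizeof(*out)] = {0};
    memcpy(tmp, mem->base + off, size); /* only the requested bytes */
    uint64_t v = 0;
    for (size_t i = 0; i < sizeof(tmp); i++)
        v |= (uint64_t)tmp[i] << (8 * i);
    *out = v;
    return true;
}

/* Constructed sample: an 8-byte window at target address 0x1000 whose last byte
 * sits at the very end of the readable region. */
static const uint8_t sample_page[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88};
static const MemRegion sample_mem = {sample_page, 0x1000, sizeof sample_page};

/* Returns the value read from the sample window, or UINT64_MAX when the read was
 * rejected (no value readable from sample_page collides with that sentinel). */
uint64_t sample_deref(uint64_t addr, uint8_t size) {
    uint64_t v;
    return deref_size(&sample_mem, addr, size, &v) ? v : UINT64_MAX;
}
```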


