[PATCH] D39185: [llvm-dwarfdump] - Fix array out of bounds access crash.
George Rimar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 23 09:04:16 PDT 2017
grimar created this revision.
Herald added a subscriber: JDevlieghere.
I faced a random crash in llvm-dwarfdump, which was randomly reproducible.
It happens because llvm-dwarfdump can access an array out of bounds when the DWARF
parser tries to get children DIEs which are absent because of corrupted .debug_data.
The problem is in the following method:
  DWARFDie getFirstChild() const {
    if (isValid() && Die->hasChildren())
      return DWARFDie(U, Die + 1);
    return DWARFDie();
  }
Here a new DWARFDie is created, but there are no checks that Die + 1
is valid memory, because Die is a simple pointer. Though
it is possible for Die + 1 to point to garbage data, and the testcase provided
shows that.
I suggest wrapping Die into ArrayRef, which allows doing all the necessary safety checks.
https://reviews.llvm.org/D39185
Files:
include/llvm/DebugInfo/DWARF/DWARFDie.h
include/llvm/DebugInfo/DWARF/DWARFUnit.h
lib/DebugInfo/DWARF/DWARFDie.cpp
lib/DebugInfo/DWARF/DWARFUnit.cpp
test/tools/llvm-dwarfdump/X86/verify_debug_info2.s
tools/llvm-dwarfdump/llvm-dwarfdump.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D39185.119859.patch
Type: text/x-patch
Size: 7717 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171023/2efc7eb1/attachment.bin>
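The bounds-carrying lookup proposed in the message above, as an added C++ example that is neither the attached patch nor LLVM code. Entry, EntryRef and makeCorruptedUnit are hypothetical stand-ins for the DIE array and ArrayRef, and the sample unit is constructed.

```cpp
// Added illustration: simplified stand-ins, not LLVM's DWARFDie or ArrayRef.
#include <cstddef>
#include <cstdio>
#include <vector>

// Stand-in for one parsed DIE; only the field getFirstChild() consults matters.
struct Entry {
  unsigned Offset;
  bool HasChildren;
};

// Minimal pointer-plus-length view, the role ArrayRef plays in the proposal.
struct EntryRef {
  const Entry *Data;
  size_t Size;
  EntryRef() : Data(nullptr), Size(0) {}
  EntryRef(const Entry *D, size_t N) : Data(D), Size(N) {}
  bool isValid() const { return Size != 0; }
  const Entry &front() const { return *Data; }
  // Step to the next entry; yields an empty view when nothing follows.
  EntryRef dropFront() const {
    return Size > 1 ? EntryRef(Data + 1, Size - 1) : EntryRef();
  }
};

// Bounded counterpart of getFirstChild(): the child is the next entry, but
// only if the view still covers one.
EntryRef getFirstChild(EntryRef Die) {
  if (Die.isValid() && Die.front().HasChildren)
    return Die.dropFront();
  return EntryRef();
}

// Constructed input: the last entry claims children that were never parsed,
// which is what corrupted debug data can produce.
std::vector<Entry> makeCorruptedUnit() {
  return {{0x0b, true}, {0x1d, true}};
}

int main() {
  std::vector<Entry> Dies = makeCorruptedUnit();
  EntryRef Root(Dies.data(), Dies.size());
  EntryRef Child = getFirstChild(Root);
  EntryRef Missing = getFirstChild(Child);
  std::printf("child valid: %d, child of last entry valid: %d\n",
              Child.isValid(), Missing.isValid());
  return 0;
}
```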