[PATCH] D76543: [llvm-dwp] Fix a possible out of bound access.
Igor Kudrin via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sat Mar 21 04:47:38 PDT 2020
ikudrin created this revision.
ikudrin added reviewers: dblaikie, jhenderson.
ikudrin added projects: LLVM, debug-info.
`llvm-dwp` did not check section identifiers read from input files. In the case of an unexpected identifier, the calculated index for `Contributions[]` pointed outside the array. This fix avoids the issue by skipping unsupported identifiers.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D76543
Files:
llvm/test/tools/llvm-dwp/X86/unknown-section-id.s
llvm/tools/llvm-dwp/llvm-dwp.cpp
Index: llvm/tools/llvm-dwp/llvm-dwp.cpp
===================================================================
--- llvm/tools/llvm-dwp/llvm-dwp.cpp
+++ llvm/tools/llvm-dwp/llvm-dwp.cpp
@@ -216,6 +216,10 @@
StringRef DWPName;
};
+static bool isSupportedSectionKind(DWARFSectionKind Kind) {
+ return Kind >= DW_SECT_INFO && Kind <= DW_SECT_MACRO;
+}
+
static StringRef getSubsection(StringRef Section,
const DWARFUnitIndex::Entry &Entry,
DWARFSectionKind Kind) {
@@ -241,6 +245,8 @@
// Zero out the debug_info contribution
Entry.Contributions[0] = {};
for (auto Kind : TUIndex.getColumnKinds()) {
+ if (!isSupportedSectionKind(Kind))
+ continue;
auto &C = Entry.Contributions[Kind - DW_SECT_INFO];
C.Offset += I->Offset;
C.Length = I->Length;
@@ -618,6 +624,8 @@
NewEntry.DWOName = ID.DWOName;
NewEntry.DWPName = Input;
for (auto Kind : CUIndex.getColumnKinds()) {
+ if (!isSupportedSectionKind(Kind))
+ continue;
auto &C = NewEntry.Contributions[Kind - DW_SECT_INFO];
C.Offset += I->Offset;
C.Length = I->Length;
Index: llvm/test/tools/llvm-dwp/X86/unknown-section-id.s
===================================================================
--- /dev/null
+++ llvm/test/tools/llvm-dwp/X86/unknown-section-id.s
@@ -0,0 +1,56 @@
+## The test checks that llvm-dwp avoids an out of bound access when there is
+## an unknown section identifier in the index section.
+## Before a fix that skips unsupported section identifiers, the test failed
+## when LLVM is built with UBSan.
+
+# RUN: llvm-mc -triple x86_64-unknown-linux-gnu %s -filetype=obj -o %t.dwp
+# RUN: llvm-dwp %t.dwp -o -
+
+.section .debug_abbrev.dwo, "e", @progbits
+.LAbbrevBegin:
+ .uleb128 1 # Abbreviation Code
+ .uleb128 17 # DW_TAG_compile_unit
+ .byte 1 # DW_CHILDREN_no
+ .uleb128 0x2131 # DW_AT_GNU_dwo_id
+ .uleb128 7 # DW_FORM_data8
+ .byte 0 # EOM(1)
+ .byte 0 # EOM(2)
+ .byte 0 # EOM(3)
+.LAbbrevEnd:
+
+ .section .debug_info.dwo, "e", @progbits
+.LCUBegin:
+ .long .LCUEnd-.LCUVersion # Length of Unit
+.LCUVersion:
+ .short 4 # Version
+ .long 0 # Abbrev offset
+ .byte 8 # Address size
+ .uleb128 1 # Abbrev [1] DW_TAG_compile_unit
+ .quad 0x1100001122222222 # DW_AT_GNU_dwo_id
+.LCUEnd:
+
+ .section .debug_cu_index, "", @progbits
+## Header:
+ .long 2 # Version
+ .long 3 # Section count
+ .long 1 # Unit count
+ .long 2 # Slot count
+## Hash Table of Signatures:
+ .quad 0x1100001122222222
+ .quad 0
+## Parallel Table of Indexes:
+ .long 1
+ .long 0
+## Table of Section Offsets:
+## Row 0:
+ .long 1 # DW_SECT_INFO
+ .long 3 # DW_SECT_ABBREV
+ .long 0 # Invalid (unknown) section identifier
+## Row 1:
+ .long 0 # Offset in .debug_info.dwo
+ .long 0 # Offset in .debug_abbrev.dwo
+ .long 0
+## Table of Section Sizes:
+ .long .LCUEnd-.LCUBegin # Size in .debug_info.dwo
+ .long .LAbbrevEnd-.LAbbrevBegin # Size in .debug_abbrev.dwo
+ .long 1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D76543.251836.patch
Type: text/x-patch
Size: 3602 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200321/5b2af53c/attachment.bin>
More information about the llvm-commits
mailing list