[PATCH] D77679: [libunwind] Fix UB in EHHeaderParser::findFDE
Jorge Gorbe Moya via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Apr 7 14:10:54 PDT 2020
jgorbe created this revision.
jgorbe added reviewers: saugustine, mstorsjo, phosek, compnerd, mclow.lists.
When the `EHHeaderInfo` object filled by `decodeEHHdr ` has `fde_count == 0`, findFDE does the following:
- sets `low = 0` and `len = hdrInfo.fde_count` as a preparation to start a binary search
- because len is 0, the binary search loop is skipped
- the code still tries to find a table entry at `hdrInfo.table + low * tableEntrySize` and decode it.
This is wrong when `fde_count` is 0, and trying to decode a table entry that isn't there will lead to reading garbage offsets and can cause segfaults.
https://reviews.llvm.org/D77679
Files:
libunwind/src/EHHeaderParser.hpp
Index: libunwind/src/EHHeaderParser.hpp
===================================================================
--- libunwind/src/EHHeaderParser.hpp
+++ libunwind/src/EHHeaderParser.hpp
@@ -109,6 +109,8 @@
hdrInfo))
return false;
+ if (hdrInfo.fde_count == 0) return false;
+
size_t tableEntrySize = getTableEntrySize(hdrInfo.table_enc);
pint_t tableEntry;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D77679.255798.patch
Type: text/x-patch
Size: 408 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20200407/50860524/attachment.bin>
More information about the llvm-commits
mailing list