[PATCH] D82886: [DebugInfo] Fix a possible crash when reading a malformed .debug_*lists section.
Igor Kudrin via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jun 30 09:12:16 PDT 2020
ikudrin created this revision.
ikudrin added reviewers: jhenderson, dblaikie.
ikudrin added projects: LLVM, debug-info.
Herald added subscribers: hiraditya, aprantl.
`DWARFListTableHeader::length()` has a special case for when `HeaderData.Length` is zero; however, in that case, the calculated value for `FullLength` is different, which leads to triggering the assertion. The patch moves the assertion a bit later, to where `FullLength` has already been checked for the minimal value.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D82886
Files:
llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
llvm/test/DebugInfo/X86/dwarfdump-rnglists-format-mix.s
Index: llvm/test/DebugInfo/X86/dwarfdump-rnglists-format-mix.s
===================================================================
--- /dev/null
+++ llvm/test/DebugInfo/X86/dwarfdump-rnglists-format-mix.s
@@ -0,0 +1,51 @@
+## The test checks that llvm-dwarfdump with enabled assertions can handle
+## a malformed input file that contains debugging info sections in different
+## formats without crashing.
+
+# RUN: llvm-mc -triple x86_64 %s -filetype=obj -o - \
+# RUN: | not llvm-dwarfdump -debug-info - 2>&1 \
+# RUN: | FileCheck %s
+
+# CHECK: error: parsing a range list table: .debug_rnglists table at offset 0x8 has too small length (0x4) to contain a complete header
+# CHECK: error: decoding address ranges: missing or invalid range list table
+
+ .section .debug_abbrev,"", at progbits
+ .uleb128 0x01 # Abbrev code
+ .uleb128 0x11 # DW_TAG_compile_unit
+ .byte 0x00 # DW_CHILDREN_no
+ .uleb128 0x74 # DW_AT_rnglists_base
+ .uleb128 0x17 # DW_FORM_sec_offset
+ .uleb128 0x55 # DW_AT_ranges
+ .uleb128 0x23 # DW_FORM_rnglistx
+ .byte 0x00 # EOM(1)
+ .byte 0x00 # EOM(2)
+ .byte 0x00 # EOM(3)
+
+ .section .debug_info,"", at progbits
+ .long .LCUEnd-.LCUVersion # Length of Unit (DWARF32)
+.LCUVersion:
+ .short 5 # Version
+ .byte 0x01 # DW_UT_compile
+ .byte 8 # Address Size
+ .long .debug_abbrev # Offset Into Abbrev. Section
+ .byte 1 # Abbrev [1] DW_TAG_compile_unit
+ .long .LRLBase # DW_AT_rnglists_base
+ .uleb128 0 # DW_AT_ranges
+.LCUEnd:
+
+ .section .debug_rnglists,"", at progbits
+ .long 0xffffffff # DWARF64 mark
+ .quad .LRLEnd-.LRL # table length
+.LRL:
+ .short 5 # version
+ .byte 8 # address size
+ .byte 0 # segment selector size
+ .long 1 # offset entry count
+.LRLBase:
+ .long .LRL0-.LRLBase
+.LRL0:
+ .byte 7 # DW_RLE_start_length
+ .quad 0x15
+ .uleb128 0x20
+ .byte 0 # DW_RLE_end_of_list
+.LRLEnd:
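Review bot: the `##` comment at the top of the test says only that the sections are "in different formats", which does not explain the values the CHECK line expects. The unit in `.debug_info` is marked DWARF32 while `.debug_rnglists` starts with the DWARF64 mark, and the expected table offset 0x8 falls inside the 8-byte `.quad .LRLEnd-.LRL` length field that follows the 4-byte mark. Please extend the comment to say which section uses which format and why offset 0x8 and length 0x4 are the expected results, so the test stays understandable if the section layout is edited later. It may also be worth tightening the second CHECK to `CHECK-NEXT` if the two errors are always adjacent, so that an unrelated extra diagnostic is noticed.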
Index: llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
===================================================================
--- llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
+++ llvm/lib/DebugInfo/DWARF/DWARFListTable.cpp
@@ -29,13 +29,13 @@
uint8_t OffsetByteSize = Format == dwarf::DWARF64 ? 8 : 4;
uint64_t FullLength =
HeaderData.Length + dwarf::getUnitLengthFieldByteSize(Format);
- assert(FullLength == length());
if (FullLength < getHeaderSize(Format))
return createStringError(errc::invalid_argument,
"%s table at offset 0x%" PRIx64
" has too small length (0x%" PRIx64
") to contain a complete header",
SectionName.data(), HeaderOffset, FullLength);
+ assert(FullLength == length());
uint64_t End = HeaderOffset + FullLength;
if (!Data.isValidOffsetForDataOfSize(HeaderOffset, FullLength))
return createStringError(errc::invalid_argument,
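Review bot: the relocated `assert(FullLength == length());` now holds only because the too-small-length case has already returned, and nothing at that line says so. A short comment above the assert noting that `length()` treats a zero `HeaderData.Length` specially, and that the check must therefore stay after the `FullLength < getHeaderSize(Format)` test, would keep a later cleanup from hoisting it back next to the `FullLength` computation. Since the assert exists because the length is computed in two places, it is also worth considering whether one of the two computations can be expressed in terms of the other.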