This is an archive of the discontinued LLVM Phabricator instance.

Differential D127016

[lldb] Prevent crash due to reading memory from page zero.
ClosedPublic

Authored by cassanova on Jun 3 2022, 3:45 PM.

Details

Reviewers
JDevlieghere
mib
Commits
rG0f02dd34f226: [lldb/Commands] Prevent crash due to reading memory from page zero.
Summary

Adds a check to ensure that a process exists before attempting to get its ABI to prevent lldb from crash due to trying to read from page zero.

Diff Detail

Event Timeline

cassanova created this revision.Jun 3 2022, 3:45 PM
Herald added a project: Restricted Project. · View Herald TranscriptJun 3 2022, 3:45 PM
cassanova requested review of this revision.Jun 3 2022, 3:45 PM
Herald added a subscriber: lldb-commits. · View Herald TranscriptJun 3 2022, 3:45 PM
Harbormaster completed remote builds in B167827: Diff 434172.Jun 3 2022, 3:49 PM
kastiglione added a subscriber: kastiglione.Jun 3 2022, 4:11 PM
kastiglione added inline comments.
lldb/source/Commands/CommandObjectMemory.cpp
597–598

Should memory read emit an error if there's no process (and no core file or any other memory to read from)?

mib accepted this revision.Jun 3 2022, 4:23 PM

LGTM with some minor feedbacks :) !

lldb/source/Commands/CommandObjectMemory.cpp
597

Nit: I don't think this is formatted properly

597–598

@kastiglione On Apple's lldb, we get this:

(lldb) x 0
error: error reading data from section __PAGEZERO
(lldb) target delete 0
1 targets deleted.
(lldb) x 0
error: invalid target, create a target using the 'target create' command
(lldb)

Might be an oversight.

lldb/test/Shell/Driver/TestPageZeroRead.test
3

You probably want to check the error string

This revision is now accepted and ready to land.Jun 3 2022, 4:23 PM
cassanova added inline comments.Jun 3 2022, 4:23 PM
lldb/source/Commands/CommandObjectMemory.cpp
597–598

Right now running memory read without a target indicates that there's no target. The input that can cause lldb to crash is x 0 (such as ./bin/lldb -o 'x 0' ./bin/count.

jingham added a subscriber: jingham.EditedJun 3 2022, 5:34 PM

More generally, you can tell which elements of the exe_ctx you need to check in any given command by looking at requirements for the command which are passed into the constructor for the command. Any entity that's required there, you don't need to check for, but otherwise, you do have to check. "CommandObjectMemoryRead" has:

eCommandRequiresTarget | eCommandProcessMustBePaused

so you should not need to check the target, but any references to the process, thread or frame in the exe_ctx must be checked. And if there is a process, you don't need to check whether it is paused or not.

Closed by commit rG0f02dd34f226: [lldb/Commands] Prevent crash due to reading memory from page zero. (authored by cassanova). · Explain WhyJun 8 2022, 3:18 PM
This revision was automatically updated to reflect the committed changes.
cassanova added a commit: rG0f02dd34f226: [lldb/Commands] Prevent crash due to reading memory from page zero..

Revision Contents

PathSize
lldb/
source/
Commands/
5 lines
test/
Shell/
Driver/
3 lines

Diff 434172

lldb/source/Commands/CommandObjectMemory.cpp

Show First 20 LinesShow All 587 Lines▼ Show 20 Lines if (argc > 0)
LLDB_INVALID_ADDRESS, &error); LLDB_INVALID_ADDRESS, &error);
if (addr == LLDB_INVALID_ADDRESS) { if (addr == LLDB_INVALID_ADDRESS) {
result.AppendError("invalid start address expression."); result.AppendError("invalid start address expression.");
result.AppendError(error.AsCString()); result.AppendError(error.AsCString());
return false; return false;
} }
ABISP abi = m_exe_ctx.GetProcessPtr()->GetABI(); ABISP abi;
if (Process * proc = m_exe_ctx.GetProcessPtr())
mibUnsubmitted
Not Done
ReplyInline Actions

Nit: I don't think this is formatted properly

mib: Nit: I don't think this is formatted properly
abi = proc->GetABI();
kastiglioneUnsubmitted
Not Done
ReplyInline Actions

Should memory read emit an error if there's no process (and no core file or any other memory to read from)?

kastiglione: Should `memory read` emit an error if there's no process (and no core file or any other memory…
cassanovaAuthorUnsubmitted
Done
ReplyInline Actions

Right now running memory read without a target indicates that there's no target. The input that can cause lldb to crash is x 0 (such as ./bin/lldb -o 'x 0' ./bin/count.

cassanova: Right now running `memory read` without a target indicates that there's no target. The input…
mibUnsubmitted
Not Done
ReplyInline Actions

@kastiglione On Apple's lldb, we get this:

(lldb) x 0
error: error reading data from section __PAGEZERO
(lldb) target delete 0
1 targets deleted.
(lldb) x 0
error: invalid target, create a target using the 'target create' command
(lldb)

Might be an oversight.

mib: @kastiglione On Apple's lldb, we get this: ``` (lldb) x 0 error: error reading data from…
if (abi) if (abi)
addr = abi->FixDataAddress(addr); addr = abi->FixDataAddress(addr);
if (argc == 2) { if (argc == 2) {
lldb::addr_t end_addr = OptionArgParser::ToAddress( lldb::addr_t end_addr = OptionArgParser::ToAddress(
&m_exe_ctx, command[1].ref(), LLDB_INVALID_ADDRESS, nullptr); &m_exe_ctx, command[1].ref(), LLDB_INVALID_ADDRESS, nullptr);
if (end_addr != LLDB_INVALID_ADDRESS && abi) if (end_addr != LLDB_INVALID_ADDRESS && abi)
end_addr = abi->FixDataAddress(end_addr); end_addr = abi->FixDataAddress(end_addr);
▲ Show 20 LinesShow All 1,182 LinesShow Last 20 Lines

lldb/test/Shell/Driver/TestPageZeroRead.test

  • This file was added.
# Ensure that the read from memory command doesn't try and read from page zero.
# RUN: %clang_host %p/Inputs/hello.c -g -o a.out
# RUN: %lldb -b a.out -o 'x 0'
mibUnsubmitted
Not Done
ReplyInline Actions

You probably want to check the error string

mib: You probably want to check the error string