This is an archive of the discontinued LLVM Phabricator instance.

Differential D143012

Add a bit of error checking to SBProcess::ReadMemory to check if a nullptr destination buffer was provided, return error
ClosedPublic

Authored by jasonmolenda on Jan 31 2023, 1:39 PM.

Details

Reviewers
JDevlieghere
mib
Commits
rG62c747517cd9: Check if null buffer handed to SBProcess::ReadMemory
Summary

I helped a developer using SB API yesterday who had a bug and tried to read 0xffffffffffffffe8 with SBProcess::ReadMemory. swig would try to malloc a buffer for that, which would fail but was not checked, and hand the nullptr to ReadMemory. lldb would continue on until it tried to copy bytes into the nullptr and crash.

Fixing the script was obvious, but having lldb crash out from under the script made it a little harder to debug. I think we should check for a null buffer at the SBProcess API point and return an error there.

Added a quick test to the ProcessAPI test. This call will cause a huge malloc which should safely fail on every platform I think? We may need to revise if this ends up crashing lldb on some target I guess.

Diff Detail

Event Timeline

jasonmolenda created this revision.Jan 31 2023, 1:39 PM
Herald added a project: Restricted Project. · View Herald TranscriptJan 31 2023, 1:39 PM
jasonmolenda requested review of this revision.Jan 31 2023, 1:39 PM
Herald added a subscriber: lldb-commits. · View Herald TranscriptJan 31 2023, 1:39 PM
Harbormaster completed remote builds in B211064: Diff 493722.Jan 31 2023, 1:56 PM
jasonmolenda added a reviewer: mib.Feb 6 2023, 3:00 PM
JDevlieghere accepted this revision.Feb 6 2023, 3:02 PM

LGTM modulo inline comments

lldb/source/API/SBProcess.cpp
807–811

Nit: this isn't using bytes_read so I'd move the new code above it.

lldb/test/API/python_api/process/TestProcessAPI.py
82–84

self.assertFalse(error.Success(), "SBProcessReadMemory claims to have successfully read 0xffffffffffffffe8 bytes")

This revision is now accepted and ready to land.Feb 6 2023, 3:02 PM
mib accepted this revision.Feb 6 2023, 3:32 PM

LGTM with @JDevlieghere comments.

lldb/source/API/SBProcess.cpp
807–811

+1

jasonmolenda updated this revision to Diff 495634.Feb 7 2023, 1:46 PM

Update patch for Jonas' suggestions.

Harbormaster completed remote builds in B212465: Diff 495634.Feb 7 2023, 1:50 PM
Closed by commit rG62c747517cd9: Check if null buffer handed to SBProcess::ReadMemory (authored by jasonmolenda). · Explain WhyFeb 7 2023, 2:16 PM
This revision was automatically updated to reflect the committed changes.
jasonmolenda added a commit: rG62c747517cd9: Check if null buffer handed to SBProcess::ReadMemory.

Revision Contents

PathSize
lldb/
source/
API/
7 lines
test/
API/
python_api/
process/
14 lines

Diff 495642

lldb/source/API/SBProcess.cpp

Show First 20 LinesShow All 796 Lines▼ Show 20 Linesconst char *SBProcess::GetBroadcasterClass() {
return Process::GetStaticBroadcasterClass().AsCString(); return Process::GetStaticBroadcasterClass().AsCString();
} }
size_t SBProcess::ReadMemory(addr_t addr, void *dst, size_t dst_len, size_t SBProcess::ReadMemory(addr_t addr, void *dst, size_t dst_len,
SBError &sb_error) { SBError &sb_error) {
LLDB_INSTRUMENT_VA(this, addr, dst, dst_len, sb_error); LLDB_INSTRUMENT_VA(this, addr, dst, dst_len, sb_error);
size_t bytes_read = 0; if (!dst) {
sb_error.SetErrorStringWithFormat(
"no buffer provided to read %zu bytes into", dst_len);
return 0;
}
size_t bytes_read = 0;
JDevlieghereUnsubmitted
Not Done
ReplyInline Actions

Nit: this isn't using bytes_read so I'd move the new code above it.

JDevlieghere: Nit: this isn't using `bytes_read` so I'd move the new code above it.
mibUnsubmitted
Not Done
ReplyInline Actions

+1

mib: +1
ProcessSP process_sp(GetSP()); ProcessSP process_sp(GetSP());
if (process_sp) { if (process_sp) {
Process::StopLocker stop_locker; Process::StopLocker stop_locker;
if (stop_locker.TryLock(&process_sp->GetRunLock())) { if (stop_locker.TryLock(&process_sp->GetRunLock())) {
std::lock_guard<std::recursive_mutex> guard( std::lock_guard<std::recursive_mutex> guard(
process_sp->GetTarget().GetAPIMutex()); process_sp->GetTarget().GetAPIMutex());
▲ Show 20 LinesShow All 456 LinesShow Last 20 Lines

lldb/test/API/python_api/process/TestProcessAPI.py

Show First 20 LinesShow All 66 Lines▼ Show 20 Lines def test_read_memory(self):
print("memory content:", content) print("memory content:", content)
self.expect( self.expect(
content, content,
"Result from SBProcess.ReadMemory() matches our expected output: 'x'", "Result from SBProcess.ReadMemory() matches our expected output: 'x'",
exe=False, exe=False,
startstr=b'x') startstr=b'x')
# Try to read an impossibly large amount of memory; swig
# will try to malloc it and fail, we should get an error
# result.
error = lldb.SBError()
content = process.ReadMemory(
val.AddressOf().GetValueAsUnsigned(),
0xffffffffffffffe8, error)
if error.Success():
self.assertFalse(error.Success(), "SBProcessReadMemory claims to have "
"successfully read 0xffffffffffffffe8 bytes")
JDevlieghereUnsubmitted
Not Done
ReplyInline Actions

self.assertFalse(error.Success(), "SBProcessReadMemory claims to have successfully read 0xffffffffffffffe8 bytes")

JDevlieghere: `self.assertFalse(error.Success(), "SBProcessReadMemory claims to have successfully read…
if self.TraceOn():
print("Tried to read 0xffffffffffffffe8 bytes, got error message: ",
error.GetCString())
# Read (char *)my_char_ptr. # Read (char *)my_char_ptr.
val = frame.FindValue("my_char_ptr", lldb.eValueTypeVariableGlobal) val = frame.FindValue("my_char_ptr", lldb.eValueTypeVariableGlobal)
self.DebugSBValue(val) self.DebugSBValue(val)
cstring = process.ReadCStringFromMemory( cstring = process.ReadCStringFromMemory(
val.GetValueAsUnsigned(), 256, error) val.GetValueAsUnsigned(), 256, error)
if not error.Success(): if not error.Success():
self.fail("SBProcess.ReadCStringFromMemory() failed") self.fail("SBProcess.ReadCStringFromMemory() failed")
if self.TraceOn(): if self.TraceOn():
▲ Show 20 LinesShow All 378 LinesShow Last 20 Lines