This is an archive of the discontinued LLVM Phabricator instance.

Differential D156367

[BSDArchive] NULL check the child object file ptr before accessing its member
ClosedPublic

Authored by kusmour on Jul 26 2023, 2:03 PM.

Details

Reviewers
clayborg
bulbazord
yinghuitan
Commits
rG4b9eed9c64f3: [BSDArchive] NULL check the child object file ptr before accessing its member
Summary

Recently we've observed lldb crashes caused by missing object file linked to a thin archive (.a) files. The crash is due to a missing NULL check in the code when looking for child object file referred by the thin archive. Malformed archive file should not crash LLDB. Instead, it should report the error and continue.

New error message will look like the following

error: libfoo.a(__objects__/foo/barAppDelegate.mm.o) failed to load objfile for path/to/libfoo.a.
Debugging will be degraded for this module.

Test Plan:

llvm-lit test

./bin/llvm-lit -sv ../llvm-project/lldb/test/API/functionalities/archives/TestBSDArchives.py

Test without code change will error out with LLDB crash

--
Command Output (stderr):
--
PASS: LLDB (~/llvm-upstream/Debug/bin/clang-arm64) :: test (TestBSDArchives.BSDArchivesTestCase)
PASS: LLDB (~/llvm-upstream/Debug/bin/clang-arm64) :: test_frame_var_errors_when_archive_missing (TestBSDArchives.BSDArchivesTestCase)
FAIL: LLDB (~/llvm-upstream/Debug/bin/clang-arm64) :: test_frame_var_errors_when_mtime_mistmatch_for_object_in_archive (TestBSDArchives.BSDArchivesTestCase)
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.      HandleCommand(command = "b a")
1.      HandleCommand(command = "breakpoint set --name 'a'")
Fatal Python error: Segmentation fault

Current thread 0x00000001f7b99e00 (most recent call first):
  File "~/llvm-upstream/Debug/bin/LLDB.framework/Resources/Python/lldb/__init__.py", line 3270 in HandleCommand
  File "~/llvm-upstream/llvm-project/lldb/packages/Python/lldbsuite/test/lldbtest.py", line 2070 in runCmd
  File "~/llvm-upstream/llvm-project/lldb/packages/Python/lldbsuite/test/lldbtest.py", line 2421 in expect
  File "~/llvm-upstream/llvm-project/lldb/test/API/functionalities/archives/TestBSDArchives.py", line 156 in test_frame_var_errors_when_thin_archive_malformed
...

Diff Detail

Event Timeline

kusmour created this revision.Jul 26 2023, 2:03 PM
Herald added a project: Restricted Project. · View Herald TranscriptJul 26 2023, 2:03 PM
kusmour requested review of this revision.Jul 26 2023, 2:03 PM
Harbormaster completed remote builds in B248362: Diff 544507.Jul 26 2023, 2:06 PM
kusmour edited the summary of this revision. (Show Details)Jul 26 2023, 2:18 PM
bulbazord requested changes to this revision.Jul 26 2023, 2:26 PM

This makes sense to me. I have one question and one change request though.

lldb/source/Core/Module.cpp
1288–1290

Why did you switch from the llvm::formatv style to the printf style?

lldb/source/Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp
543–545

This will only fail if child_data_sp is valid and the sizes aren't matching. You probably want to fail if child_data_sp is invalid every time, not just if the sizes differ.

This revision now requires changes to proceed.Jul 26 2023, 2:26 PM
kusmour added inline comments.Jul 26 2023, 2:37 PM
lldb/source/Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp
543–545

If we fail on invalid child_data_sp every time, then it won't fall back to FindPlugin below. Is it guarantee that invalid child_data_sp indicates failure finding object file?

yinghuitan added a comment.Jul 26 2023, 2:59 PM

How hard it is to add an invalid archive to trigger the crash and test this code path?

kusmour updated this revision to Diff 544539.Jul 26 2023, 3:13 PM

Switch back to use llvm::formatv printf and rebase

Harbormaster completed remote builds in B248389: Diff 544539.Jul 26 2023, 3:16 PM
bulbazord added a comment.Jul 26 2023, 3:19 PM

Comment aside, I think Jeffrey brings up a good point. Can you add a test to trigger this code path? I'm not sure if you can create an archive from yaml2obj, but perhaps you can use yaml2obj to create an object file and put it into an archive?

lldb/source/Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp
543–545

Hmm, that's a good point. Reading the implementation of ObjectFile::FindPlugin, it looks like it does have a check for child_data_sp and handles this case explicitly. My suggestion doesn't apply and what you've written is likely correct.

kusmour added a comment.Jul 26 2023, 3:26 PM
In D156367#4536870, @yinghuitan wrote:

How hard it is to add an invalid archive to trigger the crash and test this code path?

There's API test for archive already, I will add one more test case :D

clayborg added inline comments.Jul 26 2023, 3:54 PM
lldb/source/Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp
543–545

We should only continue calling into ObjectFile::FindPlugin if child_data_sp is valid. So this should be:

543–545

In any ObjectContainer subclasss, like ObjectContainerBSDArchive, the idea is one files contain multiple different object files. If we fail to extract the part of the data from the current container file, then there is no reason to continue. I suggest using the code I suggested above which is exactly what Alex suggested as they is the right thing to do!

clayborg added a comment.Jul 26 2023, 3:57 PM
In D156367#4536929, @kusmour wrote:
In D156367#4536870, @yinghuitan wrote:

How hard it is to add an invalid archive to trigger the crash and test this code path?

There's API test for archive already, I will add one more test case :D

You might see if "obj2yaml" supports BSD files. If so, you can create a simple BSD file with one .o file and then run obj2yaml on it so it can then test by running yaml2obj. The idea is you might be able to edit the yaml so that the file offsets are incorrect so we can reproduce. This might case the "yaml2obj" to fail though as there may be checks that prohibit bad BSD files from being created. Otherwise we might need to check in a .a file with a single small .o file and then do some hex editing on the file to mess up the file offset and or file size.

clayborg added a comment.Jul 26 2023, 4:08 PM

Another possible way to make a bad .a file is to truncate the file. We would need to figure out where to truncate it, but that might be an easier way to make a bad .a file

kusmour updated this revision to Diff 544595.Jul 26 2023, 9:49 PM
kusmour marked 4 inline comments as done.
kusmour edited the summary of this revision. (Show Details)

Added API test for malformed thin BSD archive
Addressed comments

kusmour marked an inline comment as done.Jul 26 2023, 9:50 PM
Harbormaster completed remote builds in B248430: Diff 544595.Jul 26 2023, 9:53 PM
yinghuitan accepted this revision.Jul 27 2023, 9:00 AM

Assuming the test fails/crashes without the change then LGTM.

kusmour edited the summary of this revision. (Show Details)Jul 27 2023, 9:33 AM
Herald added a subscriber: kristof.beyls. · View Herald TranscriptJul 27 2023, 9:33 AM
kusmour edited the summary of this revision. (Show Details)Jul 27 2023, 9:37 AM
kusmour edited the summary of this revision. (Show Details)
bulbazord accepted this revision.Jul 27 2023, 10:13 AM

My concerns have been addressed. LGTM

This revision is now accepted and ready to land.Jul 27 2023, 10:13 AM
Closed by commit rG4b9eed9c64f3: [BSDArchive] NULL check the child object file ptr before accessing its member (authored by kusmour). · Explain WhyJul 27 2023, 10:22 AM
This revision was automatically updated to reflect the committed changes.
kusmour added a commit: rG4b9eed9c64f3: [BSDArchive] NULL check the child object file ptr before accessing its member.
Herald added a project: Restricted Project. · View Herald TranscriptJul 27 2023, 10:22 AM
Herald added a subscriber: lldb-commits. · View Herald Transcript
bulbazord added a comment.Jul 27 2023, 11:36 AM

Hey, I think this may have broken the green dragon bots. Could you take a look and fix forward or revert? Thanks

https://green.lab.llvm.org/green/view/LLDB/job/as-lldb-cmake/3262/ (You can ignore the import-std-module tests, those have been broken some time and are being worked on AFAIK).

Herald added a subscriber: JDevlieghere. · View Herald TranscriptJul 27 2023, 11:36 AM
kusmour added a comment.Jul 27 2023, 5:20 PM
In D156367#4539916, @bulbazord wrote:

Hey, I think this may have broken the green dragon bots. Could you take a look and fix forward or revert? Thanks

https://green.lab.llvm.org/green/view/LLDB/job/as-lldb-cmake/3262/ (You can ignore the import-std-module tests, those have been broken some time and are being worked on AFAIK).

Fixed by commit: 4520cc066b2ffe5ac261e3aca887cba3f113b1ff

kusmour mentioned this in D156564: [lldb] Fix test TestBSDArchives.py properly.Jul 28 2023, 11:54 AM
kusmour mentioned this in rGca76281917d0: [lldb] Fix test TestBSDArchives.py properly.Aug 1 2023, 1:39 PM

Revision Contents

PathSize
lldb/
source/
Core/
3 lines
Plugins/
ObjectContainer/
BSD-Archive/
3 lines
test/
API/
functionalities/
archives/
7 lines
52 lines

Diff 544845

lldb/source/Core/Module.cpp

Show First 20 LinesShow All 1,279 Lines▼ Show 20 Lines if (!m_did_load_objfile.load()) {
if (m_objfile_sp) { if (m_objfile_sp) {
// Once we get the object file, update our module with the object // Once we get the object file, update our module with the object
// file's architecture since it might differ in vendor/os if some // file's architecture since it might differ in vendor/os if some
// parts were unknown. But since the matching arch might already be // parts were unknown. But since the matching arch might already be
// more specific than the generic COFF architecture, only merge in // more specific than the generic COFF architecture, only merge in
// those values that overwrite unspecified unknown values. // those values that overwrite unspecified unknown values.
m_arch.MergeFrom(m_objfile_sp->GetArchitecture()); m_arch.MergeFrom(m_objfile_sp->GetArchitecture());
} else { } else {
ReportError("failed to load objfile for {0}", ReportError("failed to load objfile for {0}\nDebugging will be "
"degraded for this module.",
GetFileSpec().GetPath().c_str()); GetFileSpec().GetPath().c_str());
bulbazordUnsubmitted
Done
ReplyInline Actions

Why did you switch from the llvm::formatv style to the printf style?

bulbazord: Why did you switch from the `llvm::formatv` style to the printf style?
} }
} }
} }
} }
return m_objfile_sp.get(); return m_objfile_sp.get();
} }
SectionList *Module::GetSectionList() { SectionList *Module::GetSectionList() {
▲ Show 20 LinesShow All 428 LinesShow Last 20 Lines

lldb/source/Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp

Show First 20 LinesShow All 534 Lines▼ Show 20 Lines if (module_sp->GetObjectName() && m_archive_sp) {
// Set file to child object file // Set file to child object file
FileSpec child = GetChildFileSpecificationsFromThin( FileSpec child = GetChildFileSpecificationsFromThin(
object->ar_name.GetStringRef(), m_file); object->ar_name.GetStringRef(), m_file);
lldb::offset_t file_offset = 0; lldb::offset_t file_offset = 0;
lldb::offset_t file_size = object->size; lldb::offset_t file_size = object->size;
std::shared_ptr<DataBuffer> child_data_sp = std::shared_ptr<DataBuffer> child_data_sp =
FileSystem::Instance().CreateDataBuffer(child, file_size, FileSystem::Instance().CreateDataBuffer(child, file_size,
file_offset); file_offset);
if (child_data_sp->GetByteSize() != object->file_size) if (!child_data_sp ||
child_data_sp->GetByteSize() != object->file_size)
return ObjectFileSP(); return ObjectFileSP();
bulbazordUnsubmitted
Done
ReplyInline Actions
file_offset);
- if (child_data_sp &&
+ if (!child_data_sp ||
child_data_sp->GetByteSize() != object->file_size)
return ObjectFileSP();

This will only fail if child_data_sp is valid and the sizes aren't matching. You probably want to fail if child_data_sp is invalid every time, not just if the sizes differ.

bulbazord: This will only fail if `child_data_sp` is valid and the sizes aren't matching. You probably…
kusmourAuthorUnsubmitted
Done
ReplyInline Actions

If we fail on invalid child_data_sp every time, then it won't fall back to FindPlugin below. Is it guarantee that invalid child_data_sp indicates failure finding object file?

kusmour: If we fail on invalid `child_data_sp` every time, then it won't fall back to FindPlugin below.
bulbazordUnsubmitted
Done
ReplyInline Actions

Hmm, that's a good point. Reading the implementation of ObjectFile::FindPlugin, it looks like it does have a check for child_data_sp and handles this case explicitly. My suggestion doesn't apply and what you've written is likely correct.

bulbazord: Hmm, that's a good point. Reading the implementation of `ObjectFile::FindPlugin`, it looks like…
clayborgUnsubmitted
Done
ReplyInline Actions

In any ObjectContainer subclasss, like ObjectContainerBSDArchive, the idea is one files contain multiple different object files. If we fail to extract the part of the data from the current container file, then there is no reason to continue. I suggest using the code I suggested above which is exactly what Alex suggested as they is the right thing to do!

clayborg: In any ObjectContainer subclasss, like ObjectContainerBSDArchive, the idea is one files contain…
clayborgUnsubmitted
Done
ReplyInline Actions
file_offset);
- if (child_data_sp &&
+ if (!child_data_sp ||
child_data_sp->GetByteSize() != object->file_size)
return ObjectFileSP();

We should only continue calling into ObjectFile::FindPlugin if child_data_sp is valid. So this should be:

clayborg: We should only continue calling into ObjectFile::FindPlugin if child_data_sp is valid. So this…
lldb::offset_t data_offset = 0; lldb::offset_t data_offset = 0;
return ObjectFile::FindPlugin( return ObjectFile::FindPlugin(
module_sp, &child, m_offset + object->file_offset, module_sp, &child, m_offset + object->file_offset,
object->file_size, child_data_sp, data_offset); object->file_size, child_data_sp, data_offset);
} }
lldb::offset_t data_offset = object->file_offset; lldb::offset_t data_offset = object->file_offset;
return ObjectFile::FindPlugin( return ObjectFile::FindPlugin(
module_sp, file, m_offset + object->file_offset, object->file_size, module_sp, file, m_offset + object->file_offset, object->file_size,
▲ Show 20 LinesShow All 96 LinesShow Last 20 Lines

lldb/test/API/functionalities/archives/Makefile

C_SOURCES := main.c a.c b.c c.c C_SOURCES := main.c a.c b.c c.c
EXE := # Define a.out explicitly EXE := # Define a.out explicitly
MAKE_DSYM := NO MAKE_DSYM := NO
all: a.out libbar.a all: a.out libbar.a libfoo-thin.a
a.out: main.o libfoo.a a.out: main.o libfoo.a
$(LD) $(LDFLAGS) $^ -o $@ $(LD) $(LDFLAGS) $^ -o $@
libfoo.a: a.o b.o libfoo.a: a.o b.o
$(AR) $(ARFLAGS) $@ $^ $(AR) $(ARFLAGS) $@ $^
# This tests whether lldb can load a thin archive # This tests whether lldb can load a thin archive
libbar.a: c.o libbar.a: c.o
$(eval LLVM_AR := $(LLVM_TOOLS_DIR)/llvm-ar) $(eval LLVM_AR := $(LLVM_TOOLS_DIR)/llvm-ar)
$(eval LLVM_ARFLAGS := -rcsDT) $(eval LLVM_ARFLAGS := -rcsDT)
$(LLVM_AR) $(LLVM_ARFLAGS) $@ $^ $(LLVM_AR) $(LLVM_ARFLAGS) $@ $^
libfoo-thin.a: a.o b.o
$(eval LLVM_AR := $(LLVM_TOOLS_DIR)/llvm-ar)
$(eval LLVM_ARFLAGS := -rcsDT)
$(LLVM_AR) $(LLVM_ARFLAGS) $@ $^
include Makefile.rules include Makefile.rules

lldb/test/API/functionalities/archives/TestBSDArchives.py

Show First 20 LinesShow All 125 Lines▼ Show 20 Lines def test_frame_var_errors_when_archive_missing(self):
error_strings = [ error_strings = [
'debug map object file "', 'debug map object file "',
'libfoo.a(a.o)" containing debug info does not exist, debug info will not be loaded', 'libfoo.a(a.o)" containing debug info does not exist, debug info will not be loaded',
] ]
self.check_frame_variable_errors(thread, error_strings) self.check_frame_variable_errors(thread, error_strings)
@skipIfRemote @skipIfRemote
@skipUnlessDarwin @skipUnlessDarwin
def test_frame_var_errors_when_thin_archive_malformed(self):
"""
Create thin archive libfoo.a and make it malformed to make sure
we don't crash and report an appropriate error when resolving
breakpoint using debug map.
"""
self.build()
exe = self.getBuildArtifact("a.out")
libfoo_path = self.getBuildArtifact("libfoo.a")
libthin_path = self.getBuildArtifact("libfoo-thin.a")
objfile_a = self.getBuildArtifact("a.o")
# Replace the libfoo.a file with a thin archive containing the same
# debug information (a.o, b.o). Then remove a.o from the file system
# so we force an error when we set a breakpoint on a() function.
# Since the a.o is missing, the debug info won't be loaded and we
# should see an error when trying to break into a().
os.remove(libfoo_path)
shutil.copyfile(libthin_path, libfoo_path)
os.remove(objfile_a)
self.runCmd("file " + exe, CURRENT_EXECUTABLE_SET)
# We won't be able to see source file
self.expect(
"b a",
substrs=["Breakpoint 1: where = a.out`a, address ="],
)
# Break at a() should fail
(target, process, thread, bkpt) = lldbutil.run_to_name_breakpoint(
self, "a", bkpt_module=exe
)
error_strings = [
'"a.o" object from the "',
"libfoo.a\" archive: either the .o file doesn't exist in the archive or the modification time (0x",
") of the .o file doesn't match",
]
self.check_frame_variable_errors(thread, error_strings)
# Break at b() should succeed
(target, process, thread, bkpt) = lldbutil.run_to_name_breakpoint(
self, "b", bkpt_module=exe
)
self.expect(
"thread list",
STOPPED_DUE_TO_BREAKPOINT,
substrs=["stopped", "stop reason = breakpoint"],
)
self.expect(
"frame variable", VARIABLES_DISPLAYED_CORRECTLY, substrs=["(int) arg = 2"]
)
@skipIfRemote
@skipUnlessDarwin
def test_frame_var_errors_when_mtime_mistmatch_for_object_in_archive(self): def test_frame_var_errors_when_mtime_mistmatch_for_object_in_archive(self):
""" """
Break inside a() and modify the modification time for "a.o" within Break inside a() and modify the modification time for "a.o" within
libfoo.a to make sure we can't load the debug information and libfoo.a to make sure we can't load the debug information and
report an appropriate error when doing 'frame variable'. report an appropriate error when doing 'frame variable'.
""" """
self.build() self.build()
exe = self.getBuildArtifact("a.out") exe = self.getBuildArtifact("a.out")
Show All 22 Lines