This is an archive of the discontinued LLVM Phabricator instance.

Differential D41615

[DebugInfo] Don't crash when given invalid DWARFv5 line table prologue.
ClosedPublic

Authored by JDevlieghere on Dec 28 2017, 8:56 AM.

Details

Reviewers
probinson
aprantl
Commits
rGcbf651f7399f: [DebugInfo] Don't crash when given invalid DWARFv5 line table prologue.
rL321863: [DebugInfo] Don't crash when given invalid DWARFv5 line table prologue.
Summary

This patch replaces an assertion with an explicit check for the validity
of the FORM parameters. The assertion was triggered when the DWARFv5
line table contained a zero address size.

This fixes OSS-Fuzz Issue 4644
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4644

Diff Detail

Repository
rL LLVM

Event Timeline

JDevlieghere created this revision.Dec 28 2017, 8:56 AM
JDevlieghere added a comment.Dec 28 2017, 9:00 AM

Paul, Adrian, if you guys think there's a better place to check this, please let me know. This solution felt the most generic, but maybe we can warn about this earlier (& with a more informative message). Does it ever make sense for the address size to be zero?

probinson added a comment.Dec 28 2017, 10:32 AM

In a real object file it should never be zero. There are a bunch of places in the unittests where I construct one with version and addrsize both zero; those would have to be fixed if we wanted to have a check somewhere other than for a form that actually cares about that stuff.

JDevlieghere added a comment.Dec 28 2017, 12:19 PM
In D41615#964884, @probinson wrote:

In a real object file it should never be zero. There are a bunch of places in the unittests where I construct one with version and addrsize both zero; those would have to be fixed if we wanted to have a check somewhere other than for a form that actually cares about that stuff.

Alternatively we can keep this for a check in the verifier.

aprantl accepted this revision.Jan 2 2018, 9:38 AM

SGTM.

This revision is now accepted and ready to land.Jan 2 2018, 9:38 AM
Closed by commit rL321863: [DebugInfo] Don't crash when given invalid DWARFv5 line table prologue. (authored by JDevlieghere). · Explain WhyJan 5 2018, 2:04 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
include/
llvm/
DebugInfo/
DWARF/
2 lines
lib/
DebugInfo/
DWARF/
2 lines
15 lines
test/
DebugInfo/
Inputs/
5 lines

Diff 128718

llvm/trunk/include/llvm/DebugInfo/DWARF/DWARFFormValue.h

Show First 20 LinesShow All 44 Lines▼ Show 20 Lines uint8_t getDwarfOffsetByteSize() const {
switch (Format) { switch (Format) {
case dwarf::DwarfFormat::DWARF32: case dwarf::DwarfFormat::DWARF32:
return 4; return 4;
case dwarf::DwarfFormat::DWARF64: case dwarf::DwarfFormat::DWARF64:
return 8; return 8;
} }
llvm_unreachable("Invalid Format value"); llvm_unreachable("Invalid Format value");
} }
explicit operator bool() const { return Version && AddrSize; }
}; };
class DWARFFormValue { class DWARFFormValue {
public: public:
enum FormClass { enum FormClass {
FC_Unknown, FC_Unknown,
FC_Address, FC_Address,
FC_Block, FC_Block,
▲ Show 20 LinesShow All 261 LinesShow Last 20 Lines

llvm/trunk/lib/DebugInfo/DWARF/DWARFDebugLine.cpp

Show First 20 LinesShow All 262 Lines▼ Show 20 Linesbool DWARFDebugLine::Prologue::parse(const DWARFDataExtractor &DebugLineData,
StandardOpcodeLengths.reserve(OpcodeBase - 1); StandardOpcodeLengths.reserve(OpcodeBase - 1);
for (uint32_t I = 1; I < OpcodeBase; ++I) { for (uint32_t I = 1; I < OpcodeBase; ++I) {
uint8_t OpLen = DebugLineData.getU8(OffsetPtr); uint8_t OpLen = DebugLineData.getU8(OffsetPtr);
StandardOpcodeLengths.push_back(OpLen); StandardOpcodeLengths.push_back(OpLen);
} }
if (getVersion() >= 5) { if (getVersion() >= 5) {
if (!parseV5DirFileTables(DebugLineData, OffsetPtr, EndPrologueOffset, if (!parseV5DirFileTables(DebugLineData, OffsetPtr, EndPrologueOffset,
getFormParams(), U, HasMD5, IncludeDirectories, FormParams, U, HasMD5, IncludeDirectories,
FileNames)) { FileNames)) {
fprintf(stderr, fprintf(stderr,
"warning: parsing line table prologue at 0x%8.8" PRIx64 "warning: parsing line table prologue at 0x%8.8" PRIx64
" found an invalid directory or file table description at" " found an invalid directory or file table description at"
" 0x%8.8" PRIx64 "\n", PrologueOffset, (uint64_t)*OffsetPtr); " 0x%8.8" PRIx64 "\n", PrologueOffset, (uint64_t)*OffsetPtr);
return false; return false;
} }
} else } else
▲ Show 20 LinesShow All 661 LinesShow Last 20 Lines

llvm/trunk/lib/DebugInfo/DWARF/DWARFFormValue.cpp

Show First 20 LinesShow All 58 Lines▼ Show 20 Linesstatic const DWARFFormValue::FormClass DWARF4FormClasses[] = {
DWARFFormValue::FC_Flag, // 0x19 DW_FORM_flag_present DWARFFormValue::FC_Flag, // 0x19 DW_FORM_flag_present
}; };
Optional<uint8_t> Optional<uint8_t>
DWARFFormValue::getFixedByteSize(dwarf::Form Form, DWARFFormValue::getFixedByteSize(dwarf::Form Form,
const DWARFFormParams Params) { const DWARFFormParams Params) {
switch (Form) { switch (Form) {
case DW_FORM_addr: case DW_FORM_addr:
assert(Params.Version && Params.AddrSize && "Invalid Params for form"); if (Params)
return Params.AddrSize; return Params.AddrSize;
return None;
case DW_FORM_block: // ULEB128 length L followed by L bytes. case DW_FORM_block: // ULEB128 length L followed by L bytes.
case DW_FORM_block1: // 1 byte length L followed by L bytes. case DW_FORM_block1: // 1 byte length L followed by L bytes.
case DW_FORM_block2: // 2 byte length L followed by L bytes. case DW_FORM_block2: // 2 byte length L followed by L bytes.
case DW_FORM_block4: // 4 byte length L followed by L bytes. case DW_FORM_block4: // 4 byte length L followed by L bytes.
case DW_FORM_string: // C-string with null terminator. case DW_FORM_string: // C-string with null terminator.
case DW_FORM_sdata: // SLEB128. case DW_FORM_sdata: // SLEB128.
case DW_FORM_udata: // ULEB128. case DW_FORM_udata: // ULEB128.
case DW_FORM_ref_udata: // ULEB128. case DW_FORM_ref_udata: // ULEB128.
case DW_FORM_indirect: // ULEB128. case DW_FORM_indirect: // ULEB128.
case DW_FORM_exprloc: // ULEB128 length L followed by L bytes. case DW_FORM_exprloc: // ULEB128 length L followed by L bytes.
case DW_FORM_strx: // ULEB128. case DW_FORM_strx: // ULEB128.
case DW_FORM_addrx: // ULEB128. case DW_FORM_addrx: // ULEB128.
case DW_FORM_loclistx: // ULEB128. case DW_FORM_loclistx: // ULEB128.
case DW_FORM_rnglistx: // ULEB128. case DW_FORM_rnglistx: // ULEB128.
case DW_FORM_GNU_addr_index: // ULEB128. case DW_FORM_GNU_addr_index: // ULEB128.
case DW_FORM_GNU_str_index: // ULEB128. case DW_FORM_GNU_str_index: // ULEB128.
return None; return None;
case DW_FORM_ref_addr: case DW_FORM_ref_addr:
assert(Params.Version && Params.AddrSize && "Invalid Params for form"); if (Params)
return Params.getRefAddrByteSize(); return Params.getRefAddrByteSize();
return None;
case DW_FORM_flag: case DW_FORM_flag:
case DW_FORM_data1: case DW_FORM_data1:
case DW_FORM_ref1: case DW_FORM_ref1:
case DW_FORM_strx1: case DW_FORM_strx1:
case DW_FORM_addrx1: case DW_FORM_addrx1:
return 1; return 1;
Show All 14 Lines case DW_FORM_addrx4:
return 4; return 4;
case DW_FORM_strp: case DW_FORM_strp:
case DW_FORM_GNU_ref_alt: case DW_FORM_GNU_ref_alt:
case DW_FORM_GNU_strp_alt: case DW_FORM_GNU_strp_alt:
case DW_FORM_line_strp: case DW_FORM_line_strp:
case DW_FORM_sec_offset: case DW_FORM_sec_offset:
case DW_FORM_strp_sup: case DW_FORM_strp_sup:
assert(Params.Version && Params.AddrSize && "Invalid Params for form"); if (Params)
return Params.getDwarfOffsetByteSize(); return Params.getDwarfOffsetByteSize();
return None;
case DW_FORM_data8: case DW_FORM_data8:
case DW_FORM_ref8: case DW_FORM_ref8:
case DW_FORM_ref_sig8: case DW_FORM_ref_sig8:
case DW_FORM_ref_sup8: case DW_FORM_ref_sup8:
return 8; return 8;
case DW_FORM_flag_present: case DW_FORM_flag_present:
▲ Show 20 LinesShow All 549 LinesShow Last 20 Lines

llvm/trunk/test/DebugInfo/Inputs/invalid.linetable

  • This is a binary file.

llvm/trunk/test/DebugInfo/dwarfdump-invalid-line-table.test

Verify that dwarfdump doesn't crash on invalid line table prologue.
OSS-Fuzz Issue 4644 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4644)
RUN: llvm-dwarfdump --verbose %p/Inputs/invalid.linetable 2>&1 | FileCheck %s --check-prefix=INVALID-LINE-TABLE
INVALID-LINE-TABLE: invalid directory or file table description