This is an archive of the discontinued LLVM Phabricator instance.

Differential D75925

[lldb] reject `.debug_arange` sections with nonzero segment size
ClosedPublic

Authored by ldrumm on Mar 10 2020, 8:12 AM.

Details

Reviewers
clayborg
jasonmolenda
labath
Commits
rG0fa3320931e9: [lldb] reject `.debug_arange` sections with nonzero segment size
Summary
If a producer emits a nonzero segment size, `lldb` will silently read
incorrect values and crash, or do something worse later, as the tuple
size is expected to be 2, rather than 3.

Neither LLVM, nor GCC produce segmented aranges, but this dangerous case
should still be checked and handled.

Diff Detail

Event Timeline

ldrumm created this revision.Mar 10 2020, 8:12 AM
Harbormaster failed remote builds in B48689: Diff 249386!Mar 10 2020, 9:12 AM
clayborg added a comment.Mar 10 2020, 2:11 PM

Change looks good, just needs a test. Should be easy to take a simple binary that has a .debug_aranges, and run obj2yaml on it, and tweak the segment size as needed?

clayborg added a reviewer: labath.Mar 10 2020, 2:12 PM
labath added a comment.Mar 11 2020, 4:41 AM
In D75925#1915693, @clayborg wrote:

Change looks good, just needs a test. Should be easy to take a simple binary that has a .debug_aranges, and run obj2yaml on it, and tweak the segment size as needed?

In this case I think the cleanest solution would be to write a c++ unit test: create a simple debug_aranges header (just hardcode bytes, nothing fancy), pass it to DWARFDebugArangesSet::extract, and check the result.

ldrumm updated this revision to Diff 249663.EditedMar 11 2020, 10:07 AM

I found similar unittests for other DWARF entries which allow me to check more about the parser state, so I went with Pavel's suggestion for the testcase

Harbormaster failed remote builds in B48835: Diff 249663!Mar 11 2020, 10:46 AM
clayborg added a comment.Mar 11 2020, 2:45 PM

lgtm once all formatting issues are taken care of. Pavel?

labath accepted this revision.Mar 12 2020, 3:26 AM

Looks good, just run clang-format before committing.

This revision is now accepted and ready to land.Mar 12 2020, 3:26 AM
Closed by commit rG0fa3320931e9: [lldb] reject `.debug_arange` sections with nonzero segment size (authored by ldrumm). · Explain WhyMar 12 2020, 5:54 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lldb/
source/
Plugins/
SymbolFile/
DWARF/
7 lines

Diff 249386

lldb/source/Plugins/SymbolFile/DWARF/DWARFDebugArangeSet.cpp

Context not available.
// 1 - the version looks good // 1 - the version looks good
// 2 - the address byte size looks plausible // 2 - the address byte size looks plausible
// 3 - the length seems to make sense // 3 - the length seems to make sense
// size looks plausible // 4 - size looks plausible
// 5 - the arange tuples do not contain a segment field
if (m_header.version < 2 || m_header.version > 5) if (m_header.version < 2 || m_header.version > 5)
return llvm::make_error<llvm::object::GenericBinaryError>( return llvm::make_error<llvm::object::GenericBinaryError>(
"Invalid arange header version"); "Invalid arange header version");
Context not available.
return llvm::make_error<llvm::object::GenericBinaryError>( return llvm::make_error<llvm::object::GenericBinaryError>(
"Invalid arange header length"); "Invalid arange header length");
if (m_header.seg_size)
return llvm::make_error<llvm::object::GenericBinaryError>(
"segmented arange entries are not supported");
// The first tuple following the header in each set begins at an offset // The first tuple following the header in each set begins at an offset
// that is a multiple of the size of a single tuple (that is, twice the // that is a multiple of the size of a single tuple (that is, twice the
// size of an address). The header is padded, if necessary, to the // size of an address). The header is padded, if necessary, to the
Context not available.