Bug #10816: ctf_dwarf_convert_type() relies on un-initialized id
Status: Closed (100% done)
Description
http://smartos.org/bugview/OS-7663
A ctfconvert of a pkgsrc libjvm.so fails with EINVAL. This is not a great surprise, since it's full of C++, but I took a look as to why, and found the following:
We are trying to create a pointer to a class. That is:
ctf_dwarf_convert_type(tag DW_TAG_pointer_type)
  -> ctf_dwarf_create_reference()
     -> ctf_dwarf_convert_type(tag DW_TAG_class_type)
class_type is ignored in the enumeration, and we return 0. But in this case, we also never set idp. And we have:
static int
ctf_dwarf_create_reference(ctf_cu_t *cup, Dwarf_Die die, ctf_id_t *idp,
    int kind, int isroot)
{
	int ret;
	ctf_id_t id;
...
	if ((*idp = ctf_add_reftype(cup->cu_ctfp, isroot, name, id, kind)) ==
	    CTF_ERR) {
"Luckily", this ends up as < 0 in my build, and we then error out with EINVAL. But we could equally charge on with an ID that happens to be valid. We should explicitly initialize id in this case to CTF_ERR.
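The failure mode in the report, as an added, self-contained model (not illumos code): a callee that reports success for an ignored DWARF tag without writing its out-parameter, next to a caller that either trusts an uninitialized local or seeds it with CTF_ERR. The names ctf_id_t, CTF_ERR and the DW_TAG_* values mirror the report; model_convert_type, model_add_reftype, create_reference_buggy and create_reference_fixed are hypothetical stand-ins, and the stale argument simulates whatever happened to be on the stack.

```c
#include <errno.h>
#include <stdio.h>

/* Added example modelling the bug; names are assumptions, not illumos API. */
typedef long ctf_id_t;
#define CTF_ERR ((ctf_id_t)-1L)

enum dw_tag { DW_TAG_base_type, DW_TAG_pointer_type, DW_TAG_class_type };

/*
 * Stand-in for ctf_dwarf_convert_type(): a handled tag writes an id, an
 * ignored tag (class_type here) returns 0 and never touches *idp, which is
 * the behaviour the report describes.
 */
static int
model_convert_type(enum dw_tag tag, ctf_id_t *idp)
{
	switch (tag) {
	case DW_TAG_base_type:
		*idp = 1;	/* some valid referent id */
		return (0);
	case DW_TAG_class_type:
		return (0);	/* "success", but *idp left as it was */
	default:
		return (EINVAL);
	}
}

/* Stand-in for ctf_add_reftype(): refuses a negative referent id. */
static ctf_id_t
model_add_reftype(ctf_id_t ref)
{
	if (ref < 0)
		return (CTF_ERR);
	return (100 + ref);	/* id of the new pointer type */
}

/*
 * Buggy shape: 'id' is never initialised, so for an ignored referent the
 * result depends on leftover stack contents (simulated by 'stale').
 */
static int
create_reference_buggy(enum dw_tag ref_tag, ctf_id_t stale, ctf_id_t *idp)
{
	ctf_id_t id = stale;	/* models uninitialised storage */
	int ret;

	if ((ret = model_convert_type(ref_tag, &id)) != 0)
		return (ret);
	if ((*idp = model_add_reftype(id)) == CTF_ERR)
		return (EINVAL);
	return (0);
}

/*
 * Fixed shape: seed id with CTF_ERR and check it, so an ignored referent is
 * rejected deterministically. Setting *idp = CTF_ERR on the ignored path of
 * the callee would achieve the same.
 */
static int
create_reference_fixed(enum dw_tag ref_tag, ctf_id_t *idp)
{
	ctf_id_t id = CTF_ERR;
	int ret;

	if ((ret = model_convert_type(ref_tag, &id)) != 0)
		return (ret);
	if (id == CTF_ERR)
		return (EINVAL);	/* referent was never converted */
	if ((*idp = model_add_reftype(id)) == CTF_ERR)
		return (EINVAL);
	return (0);
}

/* Pointer-to-class id produced by the buggy path, or CTF_ERR on failure. */
static ctf_id_t
buggy_pointer_to_class(ctf_id_t stale)
{
	ctf_id_t out;

	if (create_reference_buggy(DW_TAG_class_type, stale, &out) != 0)
		return (CTF_ERR);
	return (out);
}

/* Pointer-to-<tag> id produced by the fixed path, or CTF_ERR on failure. */
static ctf_id_t
fixed_pointer_to(enum dw_tag tag)
{
	ctf_id_t out;

	if (create_reference_fixed(tag, &out) != 0)
		return (CTF_ERR);
	return (out);
}

int
main(void)
{
	printf("buggy, stale=-7: %ld\n", buggy_pointer_to_class(-7));
	printf("buggy, stale=3:  %ld\n", buggy_pointer_to_class(3));
	printf("fixed, class:    %ld\n", fixed_pointer_to(DW_TAG_class_type));
	printf("fixed, base:     %ld\n", fixed_pointer_to(DW_TAG_base_type));
	return (0);
}
```

With a negative stale value the buggy path fails with EINVAL, as in the reporter's build; with a small positive stale value it silently emits a pointer to whatever type that id happens to name. The fixed path rejects the ignored class_type every time and still converts a handled referent.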
Updated by Electric Monk over 4 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 3eca610387779e26c8c63e26d2ba418b0cd1bf5a

commit 3eca610387779e26c8c63e26d2ba418b0cd1bf5a
Author: John Levon <john.levon@joyent.com>
Date:   2019-05-03T09:15:58.000Z

    10816 ctf_dwarf_convert_type() relies on un-initialized id
    10817 ctfconvert -i option is mis-handled
    10818 Improve ctfconvert error messages
    10819 ctfconvert should handle empty dies
    10820 ctfconvert -i never converts
    10821 bad free in ctf_dwarf_init_die
    10815 shouldn't build gcore.c as part of kmdb
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Approved by: Gordon Ross <gwr@nexenta.com>