Bug #5425

ld_unwind_populate_hdr likely misaccounts for 'P'

Added by Rich Lowe about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: tools - gate/build tools
Start date: 2014-12-10
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

When reading the personality on seeing 'P' in the augmentation, we do:

    /* personality */
    ciePflag = data[off + ndx];
    ndx++;
    /*
     * Just need to extract the
     * value to move on to the next
     * field.
     */
    (void) dwarf_ehe_extract(
        &data[off + ndx],
        &ndx, ciePflag,
        ofl->ofl_dehdr->e_ident, B_FALSE,
        shdr->sh_addr, off + ndx, 0);

This accounts for 'ndx' twice, in calling dwarf_ehe_extract, once by adding it to the offset in the buffer, once by using it as dotp. I think this is probably wrong, and over-advances 'ndx'.

In all objects I have handy, 'P' is the last augmentation, so we'll not reference ndx again, and nothing will go wrong, but if that's ever not the case, I suspect bad things will happen.

#1

Updated by Rich Lowe about 6 years ago

  • Category set to tools - gate/build tools
  • Assignee set to Rich Lowe
  • % Done changed from 0 to 90
  • Tags deleted (needs-triage)

I'm wrong: it won't trash 'ndx'; of course, it's still being incremented the right amount. It'll just read arbitrary data, possibly out of bounds.
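
The two observations above (ndx still advances by the right amount, but the value is read from the wrong place) can be shown with a toy model. The following is an added example, not code from illumos or from the commit below: toy_ehe_extract() is a hypothetical stand-in that copies only the indexing behaviour of dwarf_ehe_extract() (it reads at data[*dotp] and advances *dotp) and understands only the 4-byte unsigned encoding; the CIE bytes are constructed. The "buggy" path passes &data[off + ndx] together with ndx as dotp, exactly as in the description; the "fixed" path passes the unadvanced base &data[off], which is what the double-counting argument implies, though the actual change made by the commit is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DW_EH_PE_udata4 from the DWARF EH pointer-encoding scheme; the only
 * encoding this toy extractor understands. */
#define EHE_UDATA4 0x03

/*
 * Toy stand-in for dwarf_ehe_extract(): reads at data[*dotp] and advances
 * *dotp by the bytes consumed, so 'data' and '*dotp' together locate the
 * field. 'len' (bytes available from 'data') is an addition so the example
 * can refuse an out-of-bounds read instead of performing it.
 * Returns 0 on success, -1 on an unsupported encoding or a read past 'len'.
 */
static int
toy_ehe_extract(const unsigned char *data, size_t len, uint64_t *dotp,
    unsigned flags, uint64_t *valp)
{
	uint64_t dot = *dotp;
	uint32_t w;

	if ((flags & 0x0f) != EHE_UDATA4)
		return (-1);
	if (dot > len || len - dot < sizeof (w))
		return (-1);
	/* constructed data is little-endian; decode explicitly */
	w = (uint32_t)data[dot] | ((uint32_t)data[dot + 1] << 8) |
	    ((uint32_t)data[dot + 2] << 16) | ((uint32_t)data[dot + 3] << 24);
	*valp = w;
	*dotp = dot + sizeof (w);
	return (0);
}

/*
 * Mirror of the 'P' handling in the description. 'off' is the start of the
 * CIE in 'data'; on entry 'ndx' indexes the personality-encoding byte
 * relative to 'off'. 'buggy' selects &data[off + ndx] plus ndx as dotp
 * (the original arithmetic) versus &data[off] plus ndx as dotp.
 */
static int
read_personality(const unsigned char *data, size_t len, size_t off,
    uint64_t ndx, int buggy, uint64_t *persp, uint64_t *ndx_out)
{
	unsigned char ciePflag;
	int rc;

	if (off + ndx >= len)
		return (-1);
	ciePflag = data[off + ndx];
	ndx++;
	if (buggy) {
		/* base already advanced by ndx AND ndx used as dotp:
		 * the read lands at data[off + 2 * ndx] */
		rc = toy_ehe_extract(&data[off + ndx], len - (off + ndx),
		    &ndx, ciePflag, persp);
	} else {
		rc = toy_ehe_extract(&data[off], len - off,
		    &ndx, ciePflag, persp);
	}
	*ndx_out = ndx;
	return (rc);
}

/*
 * Constructed CIE fragment: 'pre' placeholder bytes standing in for the CIE
 * fields before the personality, then the 'P' fields: encoding 0x03
 * (udata4), personality 0x11223344, and 0x55667788 as whatever field
 * follows. 'buf' must hold pre + 9 bytes; returns the total length.
 */
static size_t
build_cie(unsigned char *buf, size_t pre)
{
	static const unsigned char pfields[] = {
		0x03,
		0x44, 0x33, 0x22, 0x11,
		0x88, 0x77, 0x66, 0x55,
	};
	memset(buf, 0xaa, pre);
	memcpy(buf + pre, pfields, sizeof (pfields));
	return (pre + sizeof (pfields));
}

struct outcome { int rc; uint64_t pers; uint64_t ndx; };

/* Run one case: a CIE with 'pre' preamble bytes, parsed buggy or not. */
static struct outcome
run_case(size_t pre, int buggy)
{
	unsigned char buf[64];
	struct outcome o = { 0, 0, 0 };
	size_t len = build_cie(buf, pre);

	o.rc = read_personality(buf, len, 0, (uint64_t)pre, buggy,
	    &o.pers, &o.ndx);
	return (o);
}

int
main(void)
{
	static const char *name[] = { "fixed", "buggy" };
	size_t pre[] = { 3, 7 };
	size_t i;
	int b;

	for (i = 0; i < 2; i++) {
		for (b = 0; b < 2; b++) {
			struct outcome o = run_case(pre[i], b);
			if (o.rc == 0)
				printf("pre=%zu %s: personality=0x%llx ndx=%llu\n",
				    pre[i], name[b], (unsigned long long)o.pers,
				    (unsigned long long)o.ndx);
			else
				printf("pre=%zu %s: out-of-bounds read refused\n",
				    pre[i], name[b]);
		}
	}
	return (0);
}
```

With a 3-byte preamble both paths leave ndx at 8, but the buggy path returns 0x55667788, the bytes of the following field, rather than the personality; with a 7-byte preamble the buggy read would start at byte 16 of a 16-byte buffer, which is the out-of-bounds case described above. Because the personality is only extracted to skip it, the wrong value is harmless as long as 'P' is the last augmentation letter, which is why this goes unnoticed in practice.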

#2

Updated by Electric Monk about 6 years ago

  • Status changed from New to Closed
  • % Done changed from 90 to 100

git commit a33595abb743c413156e63834db73f4df0fdc485

commit  a33595abb743c413156e63834db73f4df0fdc485
Author: Richard Lowe <richlowe@richlowe.net>
Date:   2014-12-17T17:33:42.000Z

    5425 ld_unwind_populate_hdr likely misaccounts for 'P'
    Reviewed by: Alexander Eremin <a.eremin@nexenta.com>
    Reviewed by: Jason King <jason.brian.king@gmail.com>
    Approved by: Dan McDonald <danmcd@omniti.com>
