ld_unwind_populate_hdr likely misaccounts for 'P'
When reading the personality on seeing 'P' in the augmentation, we do:
/* personality */ ciePflag = data[off + ndx]; ndx++; /* * Just need to extract the * value to move on to the next * field. */ (void) dwarf_ehe_extract( &data[off + ndx], &ndx, ciePflag, ofl->ofl_dehdr->e_ident, B_FALSE, shdr->sh_addr, off + ndx, 0);
This accounts for 'ndx' twice, in calling dwarf_ehe_extract, once by adding it to the offset in the buffer, once by using it as dotp. I think this is probably wrong, and over-advances 'ndx'.
In all objects I have handy, 'P' is the last augmentation, so we'll not reference ndx again, and nothing will go wrong, but if that's ever not the case, I suspect bad things will happen.
Updated by Rich Lowe almost 7 years ago
- Category set to tools - gate/build tools
- Assignee set to Rich Lowe
- % Done changed from 0 to 90
- Tags deleted (
I'm wrong, it won't trash 'ndx', of course, it's still being incremented the right amount. It'll just read arbitrary data, possibly out of bounds.
Updated by Electric Monk almost 7 years ago
- Status changed from New to Closed
- % Done changed from 90 to 100
commit a33595abb743c413156e63834db73f4df0fdc485 Author: Richard Lowe <firstname.lastname@example.org> Date: 2014-12-17T17:33:42.000Z 5425 ld_unwind_populate_hdr likely misaccounts for 'P' Reviewed by: Alexander Eremin <email@example.com> Reviewed by: Jason King <firstname.lastname@example.org> Approved by: Dan McDonald <email@example.com>