[PATCH v3 4/4] libdw: Handle overflowed DW_SECT_INFO offsets in DWARF package file indexes
Mark Wielaard
mark@klomp.org
Fri Mar 1 16:11:05 GMT 2024
Hi,
On Fri, 2024-03-01 at 15:59 +0100, Mark Wielaard wrote:
> This looks correct, but gcc noticed a path to use tu_offset (and
> tu_index) if they weren't initialized or NULL:
>
> In file included from /home/mark/src/elfutils/libdw/libdwP.h:684,
> from /home/mark/src/elfutils/libdw/dwarf_cu_dwp_section_info.c:35:
> In function ‘read_4ubyte_unaligned_1’,
> inlined from ‘__libdw_package_index’ at /home/mark/src/elfutils/libdw/dwarf_cu_dwp_section_info.c:302:34:
> /home/mark/src/elfutils/libdw/memory-access.h:291:12: error: ‘tu_offset’ may be used uninitialized [-Werror=maybe-uninitialized]
> 291 | return up->u4;
> | ~~^~~~
> /home/mark/src/elfutils/libdw/dwarf_cu_dwp_section_info.c: In function ‘__libdw_package_index’:
> /home/mark/src/elfutils/libdw/dwarf_cu_dwp_section_info.c:268:28: note: ‘tu_offset’ was declared here
> 268 | const unsigned char *tu_offset;
> | ^~~~~~~~~
> cc1: all warnings being treated as errors
>
> I couldn't immediately disprove gcc here, so I think it is a good idea
> to add an explicit check for tu_index != NULL.
>
> diff --git a/libdw/dwarf_cu_dwp_section_info.c b/libdw/dwarf_cu_dwp_section_info.c
> index 3d11c87a..9fdc15bf 100644
> --- a/libdw/dwarf_cu_dwp_section_info.c
> +++ b/libdw/dwarf_cu_dwp_section_info.c
> @@ -297,7 +297,8 @@ __libdw_package_index (Dwarf *dbg, bool tu)
> cu_index->debug_info_offsets[cui++] = off;
> cu_offset += cu_index->section_count * 4;
> }
> - else if (unit_type == DW_UT_split_type && tui < tu_count)
> + else if (unit_type == DW_UT_split_type && tu_index != NULL
> + && tui < tu_count)
> {
> if ((off & UINT32_MAX) != read_4ubyte_unaligned (dbg, tu_offset))
> goto not_sorted;
>
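Review bot: the added `tu_index != NULL` guard in the `else if` only indirectly protects the `read_4ubyte_unaligned (dbg, tu_offset)` read that gcc flagged, because the warning is about `tu_offset` (declared at dwarf_cu_dwp_section_info.c:268), not `tu_index`; a compiler that does not track that `tu_offset` is assigned whenever `tu_index` is non-NULL will still report it as maybe-uninitialized. Initializing it at its declaration, `const unsigned char *tu_offset = NULL;`, makes the invariant explicit and silences the warning regardless of gcc version. Keeping `tui < tu_count` next to the NULL check is still right, since it bounds the index into the TU table.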
> Which makes gcc happy again.
But not all gcc versions apparently. So I added the following on top.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-libdw-Initialize-tu_offset-in-__libdw_package_index.patch
Type: text/x-patch
Size: 1839 bytes
Desc:
URL: <https://sourceware.org/pipermail/elfutils-devel/attachments/20240301/b95950b9/attachment.bin>