Re: [Libunwind-devel] [PATCH] Check that the CIE is within the segment
From: Peter Wu
Subject: Re: [Libunwind-devel] [PATCH] Check that the CIE is within the segment
Date: Mon, 15 Dec 2014 22:04:11 +0100
User-agent: KMail/4.14.3 (Linux/3.17.0-rc4-custom-00168-g7ec62d4; KDE/4.14.3; x86_64; ; )
On Monday 15 December 2014 19:34:36 Milian Wolff wrote:
> On Tuesday 25 November 2014 22:10:33 Peter Wu wrote:
> > Due to a bug in the gold linker[1], the .eh_frame and .eh_frame_hdr
> > sections contain garbage. When dwarf_extract_proc_info_from_fde tried
> > to look up the beginning of the CIE subsection, it would underflow the
> > .eh_frame segment, resulting in a crash[2].
> >
> > This patch avoids that crash by checking whether the CIE pointer is
> > located after the beginning of the .eh_frame section. The variable "base"
> > was misused in various places as a boolean (decode as .debug_frame or
> > decode as .eh_frame). These instances have been renamed to
> > is_debug_frame where applicable.
> >
> > Tested on Linux x86_64.
> >
> > [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17639
> > [2]:
> > http://lists.nongnu.org/archive/html/libunwind-devel/2014-11/msg00009.html
>
> Hello Peter,
>
> I have an issue with your patch on my machine. With it applied, my tool fails
> to find backtraces. Attached, you find the libunwind debug output of current
> master with and without your patch applied. I've also modified libunwind to
> output a debug message when your patch hits, i.e. the cie_offset_addr < base
> conditional is met.
>
> This apparently completely breaks libunwind on my machine...
>
> 3.17.6-1-ARCH
> Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
> GNU gold (GNU Binutils 2.24) 1.11
> gcc (GCC) 4.9.2
>
> Do you need any other information?
Hi Milian,
Could you describe how to set up an environment where this problem
occurs? What would help:
- The program that triggers this crash (preferably source code or some
official package in the repos). If this is not possible, maybe you
could dump the .eh_frame and .eh_frame_hdr sections?
- Compiler flags for this program (if customized).
I checked out git://anongit.kde.org/heaptrack and executed:
DUMP_HEAPTRACK_OUTPUT=some.txt LD_PRELOAD=./libheaptrack_preload.so LD_LIBRARY_PATH=/path/to/libunwind/build/src/.libs $PROGRAM
where $PROGRAM is ls, 'upower --version', 'udevadm monitor', but none of
them trigger a crash.
I also run Arch Linux (with testing repo) and can easily bootstrap a new
Arch VM if necessary.
--
Kind regards,
Peter
https://lekensteyn.nl
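The bounds check that the quoted commit message describes, written out as an added example in C; this is not libunwind's code and not part of the thread. It assumes the 32-bit little-endian .eh_frame encoding, hypothetical result-code and function names, and a constructed 24-byte sample section with one CIE followed by one FDE.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes for the CIE-pointer check (hypothetical names, not libunwind's). */
enum { CIE_OK = 0, CIE_NOT_AN_FDE = -1, CIE_UNDERFLOW = -2, CIE_OUT_OF_RANGE = -3 };

/* Read a little-endian 32-bit value (the 32-bit DWARF .eh_frame encoding). */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the CIE pointer of the FDE at fde_off inside [base, base + size).
 * In .eh_frame the field after the length holds the distance from that field
 * back to the CIE, so the CIE lives at field_off - value. Garbage in that
 * field must not carry the address before the start of the section. */
int check_fde_cie_pointer(const uint8_t *base, size_t size, size_t fde_off, size_t *cie_off)
{
    if (fde_off > size || size - fde_off < 8)
        return CIE_OUT_OF_RANGE;           /* FDE header does not fit in the section */
    size_t field_off = fde_off + 4;
    uint32_t cie_ptr = rd32(base + field_off);
    if (cie_ptr == 0)
        return CIE_NOT_AN_FDE;             /* a zero id marks a CIE, not an FDE */
    if (cie_ptr > field_off)
        return CIE_UNDERFLOW;              /* would point before the section base */
    *cie_off = field_off - cie_ptr;
    if (size - *cie_off < 8)
        return CIE_OUT_OF_RANGE;           /* CIE header would run past the end */
    return CIE_OK;
}

/* Constructed sample section: a CIE at offset 0, then an FDE at offset 12 whose
 * CIE pointer field (offset 16) correctly refers back 16 bytes to offset 0. */
static const uint8_t sample_eh_frame[24] = {
    8, 0, 0, 0,   0, 0, 0, 0,   1, 0, 1, 0x7c,   /* CIE: len, id=0, version, aug "", aligns */
    8, 0, 0, 0,  16, 0, 0, 0,   0, 0, 0, 0       /* FDE: len, cie_ptr=16, pc_begin stub */
};

/* Copy the sample, overwrite the FDE's CIE pointer with cie_ptr (little-endian)
 * and return the check's verdict: 16 is the intact case, a large value stands in
 * for the garbage that made the original lookup underflow the section. */
int validate_sample_with_cie_ptr(uint32_t cie_ptr)
{
    uint8_t buf[sizeof sample_eh_frame];
    size_t cie_off = 0;
    memcpy(buf, sample_eh_frame, sizeof buf);
    for (int i = 0; i < 4; i++)
        buf[16 + i] = (uint8_t)(cie_ptr >> (8 * i));
    return check_fde_cie_pointer(buf, sizeof buf, 12, &cie_off);
}
```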