libunwind-devel

Re: [Libunwind-devel] [PATCH] Check that the CIE is within the segment


From: Peter Wu
Subject: Re: [Libunwind-devel] [PATCH] Check that the CIE is within the segment
Date: Mon, 15 Dec 2014 22:04:11 +0100
User-agent: KMail/4.14.3 (Linux/3.17.0-rc4-custom-00168-g7ec62d4; KDE/4.14.3; x86_64; ; )

On Monday 15 December 2014 19:34:36 Milian Wolff wrote:
> On Tuesday 25 November 2014 22:10:33 Peter Wu wrote:
> > Due to a bug in the gold linker[1], the .eh_frame and .eh_frame_hdr
> > sections contain garbage. When dwarf_extract_proc_info_from_fde tried
> > to look up the beginning of the CIE subsection, it would underflow the
> > .eh_frame segment, resulting in a crash[2].
> > 
> > This patch avoids that crash by checking whether the CIE pointer is
> > located after the beginning of the .eh_frame section. The variable "base"
> > was misused in various places as a boolean (decode as .debug_frame or
> > decode as .eh_frame). These instances have been renamed to
> > is_debug_frame where applicable.
> > 
> > Tested on Linux x86_64.
> > 
> >  [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17639
> >  [2]: http://lists.nongnu.org/archive/html/libunwind-devel/2014-11/msg00009.html
> 
> Hello Peter,
> 
> I have an issue with your patch on my machine. With it applied, my tool fails 
> to find backtraces. Attached, you find the libunwind debug output of current 
> master with and without your patch applied. I've also modified libunwind to 
> output a debug message when your patch hits, i.e. the cie_offset_addr < base 
> conditional is met.
> 
> This apparently completely breaks libunwind on my machine...
> 
> 3.17.6-1-ARCH
> Intel(R) Core(TM)2 Quad CPU    Q9550  @ 2.83GHz
> GNU gold (GNU Binutils 2.24) 1.11
> gcc (GCC) 4.9.2
> 
> Do you need any other information?

Hi Milian,

Could you describe how to set up an environment where this problem
occurs? What would help:

 - The program that triggers this crash (preferably source code or some
   official package in the repos). If this is not possible, maybe you
   could dump the .eh_frame and .eh_frame_hdr sections?
 - Compiler flags for this program (if customized).

I checked out git://anongit.kde.org/heaptrack and executed:

    DUMP_HEAPTRACK_OUTPUT=some.txt LD_PRELOAD=./libheaptrack_preload.so
    LD_LIBRARY_PATH=/path/to/libunwind/build/src/.libs $PROGRAM

where $PROGRAM is ls, 'upower --version', 'udevadm monitor', but none of
them trigger a crash.

I also run Arch Linux (with testing repo) and can easily bootstrap a new
Arch VM if necessary.
-- 
Kind regards,
Peter
https://lekensteyn.nl
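The bounds check described in the quoted patch summary, shown as an added example that is not libunwind's own code: a minimal .eh_frame reader that derives a CIE's location from an FDE's CIE pointer field and refuses pointers that would land before the section start (the underflow that crashed) or at an entry that is not a CIE. The section image is constructed inline; the function names, return codes and byte values are this example's assumptions, and only the 32-bit DWARF length form is handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed .eh_frame image (little-endian, 32-bit DWARF): one CIE at
 * offset 0 followed by one FDE at offset 20. Values are made up for the
 * example; the FDE's CIE pointer (0x18) is the distance from the pointer
 * field (offset 24) back to the CIE at offset 0. */
static const uint8_t GOOD_EH_FRAME[40] = {
    /* CIE: length 16, CIE id 0, version 1, augmentation "zR",
     * code align 1, data align -4 (SLEB 0x7c), RA register 16,
     * augmentation data length 1, FDE encoding 0x1b, 3 bytes of DW_CFA_nop */
    0x10, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,  0x01, 'z', 'R', 0x00,
    0x01, 0x7c, 0x10, 0x01,  0x1b, 0x00, 0x00, 0x00,
    /* FDE: length 16, CIE pointer 0x18, pc_begin 0x1000, pc_range 0x40,
     * augmentation data length 0, 3 bytes of DW_CFA_nop */
    0x10, 0x00, 0x00, 0x00,  0x18, 0x00, 0x00, 0x00,  0x00, 0x10, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
};

#define FDE_OFFSET 20

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Result codes for locate_cie (names are this example's own). */
enum { CIE_ERR_TRUNCATED = -1, CIE_ERR_UNDERFLOW = -2, CIE_ERR_NOT_CIE = -3, CIE_ERR_IS_CIE = -4 };

/* Given an .eh_frame section image and the offset of an FDE inside it,
 * return the offset of the CIE the FDE refers to, or a negative error
 * code. All arithmetic is on offsets into the section, so a garbage
 * CIE pointer can never produce an address outside the buffer. */
long locate_cie(const uint8_t *sec, size_t sec_len, size_t fde_off)
{
    if (fde_off > sec_len || sec_len - fde_off < 8)
        return CIE_ERR_TRUNCATED;          /* need length + CIE pointer fields */
    uint32_t len = rd32le(sec + fde_off);
    if (len == 0xffffffffu || len > sec_len - fde_off - 4)
        return CIE_ERR_TRUNCATED;          /* 64-bit DWARF or entry overruns section */
    size_t ptr_field = fde_off + 4;        /* offset of the CIE pointer field */
    uint32_t cie_ptr = rd32le(sec + ptr_field);
    if (cie_ptr == 0)
        return CIE_ERR_IS_CIE;             /* a zero id marks a CIE, not an FDE */
    /* The CIE lives at ptr_field - cie_ptr. This subtraction is what
     * underflows on corrupt input; refuse it instead of wrapping around. */
    if (cie_ptr > ptr_field)
        return CIE_ERR_UNDERFLOW;
    size_t cie_off = ptr_field - cie_ptr;
    if (sec_len - cie_off < 8)
        return CIE_ERR_TRUNCATED;
    if (rd32le(sec + cie_off + 4) != 0)
        return CIE_ERR_NOT_CIE;            /* in bounds but not pointing at a CIE */
    return (long)cie_off;
}

/* Copy the good image, overwrite the FDE's CIE pointer with cie_ptr
 * (simulating a corrupt section) and report what locate_cie says. */
long probe_cie_pointer(uint32_t cie_ptr)
{
    uint8_t buf[sizeof GOOD_EH_FRAME];
    memcpy(buf, GOOD_EH_FRAME, sizeof buf);
    buf[FDE_OFFSET + 4] = (uint8_t)cie_ptr;
    buf[FDE_OFFSET + 5] = (uint8_t)(cie_ptr >> 8);
    buf[FDE_OFFSET + 6] = (uint8_t)(cie_ptr >> 16);
    buf[FDE_OFFSET + 7] = (uint8_t)(cie_ptr >> 24);
    return locate_cie(buf, sizeof buf, FDE_OFFSET);
}

int main(void)
{
    printf("intact FDE        -> %ld\n", probe_cie_pointer(0x18));   /* 0: CIE at offset 0 */
    printf("pointer too large -> %ld\n", probe_cie_pointer(0x1000)); /* -2: would underflow */
    printf("pointer into FDE  -> %ld\n", probe_cie_pointer(0x04));   /* -3: not a CIE */
    return 0;
}
```

The third probe is the case a plain "is the pointer after the section start" check does not catch: the pointer stays inside the section but lands on the FDE itself, so the reader also verifies that the target entry carries the zero CIE id before trusting it.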