On Mon, Jun 04, 2018 at 07:05:16PM +0200, Mark Wielaard wrote:
> Since we are single threaded we can just use a static result buffer for
> format_dwarf_addr as long as we make sure to print the result before
> calling format_dwarf_addr again. This removes lots of malloc/free calls.
Almost as soon as I checked this in the afl fuzzer detected that we
assumed addresses are max 8 bytes (64bits). So it presented us with a CU
that has an address size of 136 bytes... We dutifully try to print that
large an address into a buffer that has room for just 8 and crash...

First, we should just make sure to always use 32 or 64 bit addresses (and
offsets). There is too much code that really relies on them being either
4 bytes or 8 bytes.

[PATCH 1/2] libdw: Make sure that address_size and offset_size are 4

Second, it is not really necessary to create a buffer, sprintf into it,
then use that buffer to printf to stdio. Just do it directly.

[PATCH 2/2] readelf: Turn format_print_dwarf into print_dwarf_addr.

Cheers,

Mark
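Added example, not code from the mail or from elfutils: hypothetical helpers (names valid_dwarf_size, cu_sizes_ok, addr_string_len and print_dwarf_addr are assumed) that show the two fixes described above, rejecting any CU address_size/offset_size other than 4 or 8 at parse time, and printing the address straight to the stream instead of sprintf'ing into a fixed buffer whose size was chosen for 8-byte addresses.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers illustrating the mail's fixes; not elfutils code. */

/* First fix: DWARF readers assume 4- or 8-byte addresses and section
   offsets, so reject anything else when the CU header is parsed, before
   a fuzzer-supplied value such as 136 can reach formatting code. */
static bool valid_dwarf_size(unsigned int size)
{
    return size == 4 || size == 8;
}

static bool cu_sizes_ok(unsigned int address_size, unsigned int offset_size)
{
    return valid_dwarf_size(address_size) && valid_dwarf_size(offset_size);
}

/* Characters a "0x" + hex-digits rendering of an address needs (with NUL).
   Shows why a buffer sized for 8-byte addresses (19 chars) is far too small
   for a 136-byte address (275 chars). */
static size_t addr_string_len(unsigned int address_size)
{
    return 2 + (size_t)address_size * 2 + 1;
}

/* Second fix: print directly to the stream with a width derived from
   address_size, no intermediate buffer.  Returns the number of characters
   written, or -1 for a size the check above does not accept. */
static int print_dwarf_addr(FILE *out, unsigned int address_size, uint64_t addr)
{
    if (!valid_dwarf_size(address_size))
        return -1;
    return fprintf(out, "0x%0*" PRIx64, (int)(address_size * 2), addr);
}

int main(void)
{
    /* Constructed CU header values: one sane, one like the fuzzer's. */
    printf("address_size 8, offset_size 4 accepted: %d\n", cu_sizes_ok(8, 4));
    printf("address_size 136, offset_size 4 accepted: %d\n", cu_sizes_ok(136, 4));
    print_dwarf_addr(stdout, 8, 0x1234);
    putchar('\n');
    return 0;
}
```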