Hi Ulrich,

On Tue, Aug 09, 2022 at 08:01:43PM +0200, Ulrich Drepper via Elfutils-devel wrote:
> The dwarf_next_cfi function has some clever code which skips over the
> processing of the augmentation string content if the first character is 'z'
> (for sized augmentation). This would be OK if it wouldn't be for the fact
> that the augment processing loop produces additional information, namely,
> it fills in the fde_augmentation_data_size fields. That information isn't
> available elsewhere.
>
> In addition, the loop over the augment string is incorrect because the
> interpretation of the P, L, and R entries depends on 'z' being present. In
> the absence of 'z', when the loop would be executed in the current version,
> the interpretation of those entries is not the same.
>
> In the patch below I've removed the shortcut and fixed the handling of the
> P, L, and R entries. I've also added an additional test checking that the
> entries of the augmentation string don't guide the code to consume more
> data than is indicated in the 'z' data.
Looks good. Thanks for catching this.

Please do add a Signed-off-by line next time. See the CONTRIBUTING file.

I was wondering why this hasn't caused an issue before. But it looks like internally when we use the result of dwarf_next_cfi in cie.c and fde.c we always call __libdw_intern_cie or intern_new_cie which recalculates the fde_augmentation_data_size by reading the augmentation string and data again.

Thanks,

Mark
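As an added illustration of the check Ulrich describes (this is not code from the elfutils patch or from libdw): a walk over a sized ('z') CIE augmentation string that refuses to let the P/L/R entries consume more bytes than the 'z' length declares, and that derives the per-FDE augmentation size from 'L'. The function names, the DW_EH_PE_* width table and the sample bytes are my own assumptions, and the separate non-'z' interpretation of P/L/R that the patch also fixes is not modelled here.

```c
#include <stddef.h>
#include <stdint.h>
/* Byte width of a value in DW_EH_PE_* encoding ENC; SIZE_MAX if reserved. */
static size_t encoded_size(uint8_t enc, size_t ptr_size) {
  if (enc == 0xff) return 0;                 /* DW_EH_PE_omit */
  switch (enc & 0x07) {
    case 0x00: return ptr_size;              /* absptr */
    case 0x02: return 2;                     /* udata2/sdata2 */
    case 0x03: return 4;                     /* udata4/sdata4 */
    case 0x04: return 8;                     /* udata8/sdata8 */
    default:   return SIZE_MAX;
  }
}

/* Decode a ULEB128 from P (AVAIL bytes); returns bytes used, 0 if truncated. */
static size_t read_uleb128(const uint8_t *p, size_t avail, uint64_t *out) {
  uint64_t v = 0;
  for (size_t i = 0, shift = 0; i < avail && shift < 64; shift += 7) {
    uint8_t b = p[i++];
    v |= (uint64_t)(b & 0x7f) << shift;
    if (!(b & 0x80)) { *out = v; return i; }
  }
  return 0;
}

/* Walk the augmentation data of a sized ('z') CIE.  DATA holds AVAIL bytes
   starting at the ULEB128 'z' length.  Returns that length and stores in
   *FDE_AUG_SIZE the bytes each FDE carries for 'L' (its LSDA pointer); -1 if
   P/L/R would consume more than the 'z' length, or on unknown/truncated input. */
static long parse_sized_augmentation(const char *aug, const uint8_t *data,
                                     size_t avail, size_t ptr_size,
                                     size_t *fde_aug_size) {
  uint64_t len; size_t n = read_uleb128(data, avail, &len);
  if (aug[0] != 'z' || n == 0 || len > avail - n) return -1;
  const uint8_t *p = data + n, *end = p + len;
  *fde_aug_size = 0;
  for (const char *ap = aug + 1; *ap != '\0'; ap++) {
    if (*ap == 'S') continue;                /* signal-frame flag, no data */
    if (*ap != 'L' && *ap != 'R' && *ap != 'P') return -1;
    if (p == end) return -1;                 /* encoding byte past 'z' length */
    size_t sz = encoded_size(*p++, ptr_size);
    if (sz == SIZE_MAX) return -1;
    if (*ap == 'L') *fde_aug_size += sz;     /* pointer lives in each FDE */
    else if (*ap == 'P') {                   /* pointer lives here in the CIE */
      if (sz > (size_t)(end - p)) return -1;
      p += sz;
    }
  }
  return (long)len;
}
```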