From: Aleksei Vetrov
This method allows reading and reporting an ELF from memory instead of opening
a file. That way arbitrary memory can be worked with, e.g. when coming
from a stream, without the need to persist.
Another useful application is for fuzzing, because fuzzers might be able
to track access
From: Aleksei Vetrov
The elf_memory call in __libdw_open_elf_memory can return NULL. It was not
checked, which led to a null pointer dereference.
Signed-off-by: Aleksei Vetrov
---
libdwfl/open.c | 4
tests/dwfl-report-offline-memory.c | 9 +++--
2 files changed, 11 inse
From: Aleksei Vetrov
__libdw_get_uleb128 and __libdw_get_sleb128 should check if addrp has
already reached the end before unrolling the first step. It is done by
moving __libdw_max_len to the beginning of the function, which already
has all the checks.
Signed-off-by: Aleksei Vetrov
---
libdw/m
Hi Mark,
> Did you actually find situations where these functions were called with addrp
> >= endp?
Yes, for example libdw/libdw_form.c:91:7.
> It turns out that get_[su]leb128 dominates some operations and really does
> have to be as fast as possible. So I do like to know what the impact is of
Hi Mark,
On Sat, Feb 11, 2023 at 11:43 PM Mark Wielaard wrote:
> After this code we will do:
>
>   /* There might be one extra byte. */
>   unsigned char b = **addrp;
>   ++*addrp;
>
> So I think we want to catch that too. Easiest imho seems to move (and
> invert) the max check immediately afte
From: Aleksei Vetrov
__libdw_get_uleb128 and __libdw_get_sleb128 should check if addrp has
already reached the end before unrolling the first step. It is done by
moving __libdw_max_len to the beginning of the function, which can
notice that addrp is beyond the end. Then we just check the result
From: Aleksei Vetrov
libdw is expected to return strings that are null-terminated, to
avoid overflowing ELF data.
* Add calculation of a safe prefix inside string sections, where any
string will be null-terminated.
* Check if offset overflows the safe prefix in dwarf_formstring.
Signe
Hello,
In the first version of the patch there was a typo "secton" everywhere.
Reuploading the fixed version.
Aleksei Vetrov (1):
libdw: check that DWARF strings are null-terminated
libdw/dwarf_begin_elf.c | 37 +
libdw/dwarf_formstring.c | 5 -
libdw/libdwP.h
libdw is expected to return strings that are null-terminated, to
avoid overflowing ELF data.
* Add calculation of a safe prefix inside string sections, where any
string will be null-terminated.
* Check if offset overflows the safe prefix in dwarf_formstring.
Signed-off-by: Aleksei Vetro
Hello, Mark
On Mon, Feb 20, 2023 at 3:55 PM Mark Wielaard wrote:
>
> .debug sections are raw bytes and don't need conversion even when host
> and file have different endian order.
Thank you! I like this patch more for its simplicity, looks good to me.
Hi Evgeny,
On Tue, Feb 21, 2023 at 2:29 AM Evgeny Vereshchagin wrote:
> Aleksei I wonder if it would be possible to add those fuzz targets to
> OSS-Fuzz? There are blind spots there and I think it would be really
> great to start covering at least some of them.
We are fuzzing a tool named STG
(h