Author: Jorge Gorbe Moya
Date: 2020-04-07T14:44:42-07:00
New Revision: 82576d6fecfec71725eb900111c000d772002449
URL: https://github.com/llvm/llvm-project/commit/82576d6fecfec71725eb900111c000d772002449 DIFF: https://github.com/llvm/llvm-project/commit/82576d6fecfec71725eb900111c000d772002449.diff LOG: [libunwind] Fix UB in EHHeaderParser::findFDE When the EHHeaderInfo object filled by decodeEHHdr has fde_count == 0, findFDE does the following: - sets low = 0 and len = hdrInfo.fde_count as a preparation to start a binary search - because len is 0, the binary search loop is skipped - the code still tries to find a table entry at hdrInfo.table + low * tableEntrySize, and decode it. This is wrong when fde_count is 0, and trying to decode a table entry that isn't there will lead to reading garbage offsets and can cause segfaults. Differential Revision: https://reviews.llvm.org/D77679 Added: Modified: libunwind/src/EHHeaderParser.hpp Removed: ################################################################################ diff --git a/libunwind/src/EHHeaderParser.hpp b/libunwind/src/EHHeaderParser.hpp index 0101835b8e63..f97cca54825f 100644 --- a/libunwind/src/EHHeaderParser.hpp +++ b/libunwind/src/EHHeaderParser.hpp @@ -109,6 +109,8 @@ bool EHHeaderParser<A>::findFDE(A &addressSpace, pint_t pc, pint_t ehHdrStart, hdrInfo)) return false; + if (hdrInfo.fde_count == 0) return false; + size_t tableEntrySize = getTableEntrySize(hdrInfo.table_enc); pint_t tableEntry; _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
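Review bot: the added guard `if (hdrInfo.fde_count == 0) return false;` is correctly placed after the `decodeEHHdr` failure check and before `tableEntrySize` is computed, but it folds the `return` onto the `if` line, which clang-format in LLVM style does not allow; split it as `if (hdrInfo.fde_count == 0)` / `  return false;`. A one-line comment above it saying why (an empty search table has no entry at `table + low * tableEntrySize` to decode, so the post-loop read would run off the table) would save the next reader a trip to the commit log.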
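The commit message describes the search shape that goes wrong: `low = 0`, `len = fde_count`, a binary-search loop that is skipped when `len` is 0, and an unconditional decode of the entry at `table + low * tableEntrySize`. The following is an added example, not libunwind's code, that models that search over a simplified, already-decoded table (real `.eh_frame_hdr` entries use `DW_EH_PE_*` pointer encodings, which are omitted here) with the zero-count guard in the position the commit puts it. The `TableEntry`, `EHHeaderInfo`, `findFDE`, `lookupSample` and `lookupEmpty` names and the sample addresses are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>

// Added example, not libunwind's code: a simplified stand-in for one
// .eh_frame_hdr binary-search table entry, already decoded to plain values.
struct TableEntry {
  uint64_t initialLoc; // start address of the range covered by the FDE
  uint64_t fdeAddr;    // address of the FDE describing that range
};

// Stand-in for the header info decodeEHHdr fills in.
struct EHHeaderInfo {
  const TableEntry *table; // may be non-null even when fde_count == 0
  size_t fde_count;
};

// Finds the last entry with initialLoc <= pc, using the low/len binary
// search shape the commit describes, then reads the entry at table[low].
// Returns true and sets fdeAddr on success.
bool findFDE(const EHHeaderInfo &hdrInfo, uint64_t pc, uint64_t &fdeAddr) {
  // The guard the commit adds: with no entries, the loop below is skipped
  // and table[low] would read past the end of an empty table.
  if (hdrInfo.fde_count == 0)
    return false;

  size_t low = 0;
  for (size_t len = hdrInfo.fde_count; len > 1;) {
    size_t mid = low + (len / 2);
    if (hdrInfo.table[mid].initialLoc <= pc) {
      low = mid;          // candidate is at mid or to its right
      len -= (len / 2);   // entries remaining from mid to the end
    } else {
      len /= 2;           // candidate is to the left of mid
    }
  }

  // Only reached when fde_count >= 1, so table[low] is a real entry.
  const TableEntry &e = hdrInfo.table[low];
  if (e.initialLoc > pc)
    return false; // pc lies before the first covered range
  fdeAddr = e.fdeAddr;
  return true;
}

// Constructed sample table, sorted by initialLoc as .eh_frame_hdr requires.
static const TableEntry kSampleTable[] = {
    {0x1000, 0xA000}, {0x2000, 0xA100}, {0x3000, 0xA200}};

// Lookup against the three-entry sample table; returns 0 when nothing matches.
uint64_t lookupSample(uint64_t pc) {
  EHHeaderInfo info{kSampleTable, 3};
  uint64_t fde = 0;
  return findFDE(info, pc, fde) ? fde : 0;
}

// Lookup against a header reporting zero FDEs but a non-null table pointer,
// the shape the fix guards against. Without the guard this would read
// kSampleTable[0] as if it belonged to an empty table.
bool lookupEmpty(uint64_t pc) {
  EHHeaderInfo info{kSampleTable, 0};
  uint64_t fde = 0;
  return findFDE(info, pc, fde);
}
```

With a count of zero `findFDE` now returns `false` before touching the table at all; with one or more entries the search proceeds as before and the post-loop read at `table[low]` is always within bounds.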