[PATCH, Libbacktrace] Fix possible SEGV when handling stripped PIE binaries.

Maxim Ostapenko m.ostapenko@partner.samsung.com
Wed Mar 2 08:51:00 GMT 2016


Hi!

When testing ASan on a large system, I've noticed that it sometimes 
crashes with SEGV in Libbacktrace when trying to symbolize stripped PIE 
(compiled with -pie -fPIC) binaries in a fully stripped environment (this 
means that all dependent libraries are also stripped). Here is a scenario 
I've observed:

1) _asan_backtrace_initialize calls elf_add passing &elf_fileline_fn as 
output parameter to properly initialize it.
2) elf_add doesn't initialize elf_fileline_fn and returns -1 for a 
stripped PIE binary.
3) _asan_backtrace_initialize calls phdr_callback on each dependent 
library via dl_iterate_phdr.
4) phdr_callback initializes elf_fileline_fn iff it found debug info in 
some library (found_dwarf == 1), but this is false since all libs are 
stripped. So, we still have uninitialized elf_fileline_fn value.
5) _asan_backtrace_initialize uses elf_fileline_fn to initialize proper 
fileline_fn callback.
6) Libbacktrace uses fileline_fn callback later and crashes because it 
contains garbage.

This patch fixes the issue by simply initializing elf_fileline_fn via 
elf_nodebug in the _asan_backtrace_initialize prologue.

Tested on x86_64-linux-gnu and arm-linux-gnueabi, OK for trunk?

-Maxim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libbacktrace.patch
Type: text/x-diff
Size: 635 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20160302/61243a42/attachment.bin>
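The following is an added example, not the scrubbed libbacktrace.patch and not libbacktrace code. It is a miniature C model of the six-step scenario in the mail, using hypothetical mini_* names: an ELF loader that fails on a stripped binary without writing its output function pointer, a phdr callback that assigns the pointer only when DWARF is found, and an initialization prologue that seeds the pointer with a "no debug info" fallback so the later call through it is always valid. The return-code convention and the sample pc value are constructed for the example.

```c
/* Added example (not the libbacktrace patch itself): a model of the
 * initialization path described in the mail, using hypothetical mini_* names.
 * The fix shown is the one the mail describes: seed the output function
 * pointer with a fallback before any code path that may leave it untouched. */
#include <stdio.h>
#include <stddef.h>

typedef int (*mini_fileline_fn)(unsigned long pc, const char **filename, int *lineno);

/* Fallback used when no debug info exists: reports "unknown" instead of
 * leaving the caller to jump through an uninitialized pointer. */
static int mini_nodebug(unsigned long pc, const char **filename, int *lineno)
{
    (void)pc;
    *filename = NULL;
    *lineno = 0;
    return -1;   /* constructed convention: -1 means "no line info available" */
}

/* Stand-in for a DWARF-backed lookup; the data it returns is constructed. */
static int mini_dwarf_fileline(unsigned long pc, const char **filename, int *lineno)
{
    *filename = "example.c";
    *lineno = (int)(pc & 0xff);
    return 0;
}

/* Models elf_add on a stripped PIE: returns -1 and leaves *fileline_fn
 * untouched, exactly the behaviour in step 2 of the mail. */
static int mini_elf_add(int has_debug_info, mini_fileline_fn *fileline_fn)
{
    if (!has_debug_info)
        return -1;           /* output parameter intentionally not written */
    *fileline_fn = mini_dwarf_fileline;
    return 0;
}

/* Models phdr_callback over dependent libraries: assigns the pointer only
 * when DWARF was found (step 4), so a fully stripped system assigns nothing. */
static void mini_phdr_callback(int found_dwarf, mini_fileline_fn *fileline_fn)
{
    if (found_dwarf)
        *fileline_fn = mini_dwarf_fileline;
}

/* Initialization with the fix applied: fileline_fn starts as mini_nodebug,
 * so even when both steps leave it untouched the pointer is still callable. */
static mini_fileline_fn mini_backtrace_initialize(int main_has_debug, int libs_have_debug)
{
    mini_fileline_fn fileline_fn = mini_nodebug;   /* the fix: safe default */
    if (mini_elf_add(main_has_debug, &fileline_fn) < 0)
        mini_phdr_callback(libs_have_debug, &fileline_fn);
    return fileline_fn;
}

/* Symbolize one pc through the selected callback (steps 5 and 6);
 * returns the callback's status so a caller can tell "unknown" from a hit. */
static int mini_symbolize(int main_has_debug, int libs_have_debug, unsigned long pc,
                          const char **filename, int *lineno)
{
    mini_fileline_fn fn = mini_backtrace_initialize(main_has_debug, libs_have_debug);
    return fn(pc, filename, lineno);
}

int main(void)
{
    const char *file;
    int line;
    int rc = mini_symbolize(0, 0, 0x401234UL, &file, &line);
    printf("fully stripped: rc=%d file=%s\n", rc, file ? file : "(unknown)");
    rc = mini_symbolize(0, 1, 0x401234UL, &file, &line);
    printf("lib has DWARF: rc=%d file=%s:%d\n", rc, file, line);
    return 0;
}
```

In the fully stripped case neither mini_elf_add nor mini_phdr_callback writes the pointer, and the call in mini_symbolize lands in mini_nodebug rather than in garbage; when some library does carry DWARF the default is simply overwritten, so the fallback costs nothing on the working path.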