[PATCH, Libbacktrace] Fix possible SEGV when handling stripped PIE binaries.

Maxim Ostapenko m.ostapenko@partner.samsung.com
Wed Mar 2 14:21:00 GMT 2016


On 02/03/16 16:59, Ian Lance Taylor wrote:
> On Wed, Mar 2, 2016 at 12:51 AM, Maxim Ostapenko
> <m.ostapenko@partner.samsung.com> wrote:
>> When testing ASan on a large system, I've noticed that sometimes it crashes
>> with SEGV in Libbacktrace when trying to symbolize stripped PIE (compiled
>> with -pie -fPIC) binaries in a fully stripped environment (this means that all
>> dependent libraries are also stripped). Here is a scenario I've observed:
>>
>> 1) _asan_backtrace_initialize calls elf_add passing &elf_fileline_fn as
>> output parameter to properly initialize it.
>> 2) elf_add doesn't initialize elf_fileline_fn and returns -1 for a stripped
>> PIE binary.
>> 3) _asan_backtrace_initialize calls phdr_callback on each dependent library
>> via dl_iterate_phdr.
>> 4) phdr_callback initializes elf_fileline_fn iff it found debug info in some
>> library (found_dwarf == 1), but this is false since all libs are stripped.
>> So, we still have uninitialized elf_fileline_fn value.
>> 5) _asan_backtrace_initialize uses elf_fileline_fn to initialize proper
>> fileline_fn callback.
>> 6) Libbacktrace uses fileline_fn callback later and crashes because it
>> contains garbage.
>>
>> This patch fixes the issue by simply initializing elf_fileline_fn via
>> elf_nodebug in _asan_backtrace_initialize prologue.
>>
>> Tested on x86_64-linux-gnu and arm-linux-gnueabi, OK for trunk?
> Thanks for the analysis.  I would rather set *fileline_fn in the case
> where elf_add returns -1.  Or, remove the setting of *fileline_fn =
> elf_nodebug in elf_add, since that would become the default.
>
> Ian
>

Thanks, does this look better (I used the second option)?

-Maxim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libbacktrace-2.patch
Type: text/x-diff
Size: 976 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20160302/9aab066c/attachment.bin>
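A cut-down model of the initialization path described in the thread, added here as an example; it is not libbacktrace's code or the attached patch. The names elf_add, elf_nodebug and the phdr loop mirror the discussion, but the bodies are hypothetical stand-ins, and the model applies Ian's second option: the output callback gets elf_nodebug as its default in the prologue, so elf_add no longer sets it and a stripped PIE plus stripped libraries leaves a valid pointer instead of garbage.

```c
/* Added example, not libbacktrace's own code: a hypothetical model of the
 * six-step scenario in the bug report, with the fix applied in the prologue. */

typedef int (*fileline)(const char *filename, int lineno);

/* Fallback callback: reports "no debug info" instead of crashing. */
static int elf_nodebug(const char *filename, int lineno)
{
    (void)filename; (void)lineno;
    return 0;   /* nothing symbolized */
}

/* Stand-in for a DWARF-backed callback, only reachable when debug info exists. */
static int elf_dwarf_fileline(const char *filename, int lineno)
{
    (void)filename;
    return lineno;  /* pretend the line was resolved */
}

/* Hypothetical elf_add: for a stripped PIE it bails out with -1 and, as in the
 * report, never touches *fileline_fn. With the prologue default in place it no
 * longer needs to assign elf_nodebug itself (Ian's second option). */
static int elf_add(int stripped_pie, fileline *fileline_fn)
{
    (void)fileline_fn;
    return stripped_pie ? -1 : 1;
}

/* Hypothetical phdr_callback loop: sets the callback only when some library
 * carried DWARF (found_dwarf), exactly the gap step 4 describes. */
static void iterate_libs(int found_dwarf, fileline *fileline_fn)
{
    if (found_dwarf)
        *fileline_fn = elf_dwarf_fileline;
}

/* Model of the initialize routine with the fix: the output parameter gets a
 * safe default before any early-return path, so the caller can always invoke
 * the returned callback. */
fileline backtrace_initialize_model(int stripped_pie, int found_dwarf)
{
    fileline elf_fileline_fn = elf_nodebug;   /* the fix: never uninitialized */
    (void)elf_add(stripped_pie, &elf_fileline_fn);
    iterate_libs(found_dwarf, &elf_fileline_fn);
    return elf_fileline_fn;
}
```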