Commit message | Author | Age | Files | Lines
* addr2line: Make --absolute the default, add --relative option. | Mark Wielaard | 2022-03-14 | 4 files | -3/+25
  Make --absolute (including the compilation directory in file names) the default and add a new option --relative to get the previous default behavior.
  https://www.sourceware.org/bugzilla/show_bug.cgi?id=28951
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* configure: Test for _FORTIFY_SOURCE=3 support. | Mark Wielaard | 2022-03-14 | 2 files | -10/+33
  _FORTIFY_SOURCE=3 adds extra glibc (dynamic) fortification checks when using GCC 12. This adds a configure check to see if -D_FORTIFY_SOURCE=3 can be used. If not, configure will fall back to -D_FORTIFY_SOURCE=2.
  On some older glibc versions (glibc 2.17) using -D_FORTIFY_SOURCE=3 provides the same fortification as _FORTIFY_SOURCE=2. On some newer glibc versions and older GCC (glibc 2.34 and gcc 11) using -D_FORTIFY_SOURCE=3 produces a not supported warning (and we fall back to -D_FORTIFY_SOURCE=2). With newer glibc and newer GCC versions (glibc 2.35 and gcc 12) -D_FORTIFY_SOURCE=3 will use the newer dynamic fortification checks.
  This patch also makes sure that AC_PROG_CXX is used earlier so that CXXFLAGS is always set up correctly (even if we then don't use it). And it outputs both the CFLAGS and CXXFLAGS as used at the end.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* backends: Use PTRACE_GETREGSET for ppc_set_initial_registers_tid | Mark Wielaard | 2022-02-16 | 2 files | -25/+46
  The code in ppc_initreg.c used PTRACE_PEEKUSER to fetch all registers one by one. Which is slightly inefficient. It did this because it wanted things to work on linux 2.6.18 which didn't support PTRACE_GETREGSET. PTRACE_GETREGSET was only officially since 2.6.34 (but backported to some earlier versions). It seems ok to require a linux kernel that supports PTRACE_GETREGSET now. This is much more efficient since it takes just one ptrace call instead of 44 calls to fetch each register individually.
  For some really old versions we need to include <linux/ptrace.h> to get PTRACE_GETREGSET defined. And on ppc64 there is no 32bit version of struct pt_regs available, so we define that ourselves and check how much data is returned to know whether this is a full pt_regs or one for a 32bit process. An alternative would be to use the raw iov_base bytes with 64bit or 32bit offset constants to get at the registers instead of using a struct with names.
  The code works for inspecting a 32bit process from a 64bit build, but not the other way around (the previous code also didn't). This could work if we also defined and used a 64bit pt_regs struct on ppc32. But it seems a use case that is not really used (it was hard enough finding ppc32 setups to test this on).
  Tested against ppc and ppc64 on linux 2.6.32 and glibc 2.12 and ppc and ppc64 on linux 3.10.0 with glibc 2.17.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* man debuginfod-client-config.7: Elaborate $DEBUGINFOD_URLS | Frank Ch. Eigler | 2022-01-31 | 2 files | -2/+6
  Add reference to /etc/profile.d and /etc/debuginfod/*.urls as possible source of default. (No need to autoconf @prefix@ it, these paths are customarily distro standard rather than elfutils configurables.) Drop warning about federation loops, due to protection via PR27917 (0.186).
  Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
* libdwfl: Declare possible zero sized arrays only when non-zero | Mark Wielaard | 2022-01-06 | 2 files | -2/+7
  The gcc undefined sanitizer complains when seeing a zero sized array declaration. Move the declaration to the point in the code where we know they aren't zero sized.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28720
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Handle unaligned Dyns in dwfl_segment_report_module | Mark Wielaard | 2022-01-06 | 2 files | -0/+17
  The xlate functions only handle correctly aligned buffers. But they do handle src == dest. So if the source buffer isn't aligned correctly just copy it first into the destination (which is already correctly aligned).
  https://sourceware.org/bugzilla/show_bug.cgi?id=28720
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Fix overflow check in link_map.c read_addrs | Mark Wielaard | 2022-01-06 | 2 files | -1/+6
  The buffer_available overflow check wasn't complete. Also check nb isn't too big.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28720
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Calculate addr to read by hand in link_map.c read_addrs. | Mark Wielaard | 2022-01-04 | 2 files | -6/+9
  The gcc undefined sanitizer doesn't like the trick we use to calculate the (possibly) unaligned addresses to read. So calculate them by hand as unsigned char pointers.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28720
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Call xlatetom on aligned buffers in dwfl_link_map_report | Mark Wielaard | 2022-01-04 | 2 files | -1/+23
  Make sure that when calling xlatetom for Phdrs and Dyns in dwfl_link_map_report the input buffer is correctly aligned by calling memcpy and setting in.d_buf to out.d_buf.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28720
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread | Mark Wielaard | 2022-01-04 | 2 files | -1/+10
  The callers of dwfl_elf_phdr_memory_callback assume at least minread bytes are read and available. Make sure to check start is smaller than elf->maximum_size before reading more. Return false if end - start is smaller than minread.
  Found by afl-fuzz.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Always clean up build_id.memory | Mark Wielaard | 2021-12-21 | 2 files | -14/+18
  There was a small memory leak if an error was detected in some places in dwfl_segment_report_module after the build_id.memory was already allocated. Fix this by moving initialization of struct elf_build_id early and always free the memory, if not NULL, at exit.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28685
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Handle unaligned Nhdr in dwfl_segment_report_module | Mark Wielaard | 2021-12-20 | 2 files | -0/+17
  The xlate functions only handle correctly aligned buffers. But they do handle src == dest. So if the source buffer isn't aligned correctly just copy it first into the destination (which is already correctly aligned).
  https://sourceware.org/bugzilla/show_bug.cgi?id=28715
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Handle unaligned Phdr in dwfl_segment_report_module | Mark Wielaard | 2021-12-20 | 2 files | -0/+18
  The xlate functions only handle correctly aligned buffers. But they do handle src == dest. So if the source buffer isn't aligned correctly just copy it first into the destination (which is already correctly aligned).
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Handle unaligned Ehdr in dwfl_segment_report_module | Mark Wielaard | 2021-12-19 | 2 files | -0/+19
  The xlate functions only handle correctly aligned buffers. But they do handle src == dest. So if the source buffer isn't aligned correctly just copy it first into the destination (which is already correctly aligned).
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Rewrite GElf_Nhdr reading in dwfl_segment_report_module | Mark Wielaard | 2021-12-19 | 2 files | -35/+49
  Make sure that the notes filesz is not too big. Rewrite reading of the notes to check for overflow at every step. Also limit the size of the buildid bytes.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure dyn_filesz has a sane size | Mark Wielaard | 2021-12-19 | 2 files | -0/+9
  In dwfl_segment_report_module dyn_filesz should be able to hold at least one Elf_Dyn element, and not be larger than possible.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure that ph_buffer_size has room for at least one phdr | Mark Wielaard | 2021-12-19 | 2 files | -1/+11
  dwfl_segment_report_module might otherwise try to handle half a phdr taking the other half from after the buffer.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libelf: Only set shdr state when there is at least one shdr | Mark Wielaard | 2021-12-19 | 2 files | -6/+15
  The elf shdr state only needs to be set when scncnt is at least one. Otherwise e_shoff can be bogus. Also use unsigned arithmetic for checking e_shoff alignment.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure the note len increases each iteration | Mark Wielaard | 2021-12-18 | 2 files | -1/+6
  In dwfl_segment_report_module we have an overflow check when reading notes, but we could still not make any progress if the number of bytes read (len) didn't increase at all. Check len > last_len.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make dwfl_segment_report_module aware of maximum Elf size | Mark Wielaard | 2021-12-18 | 4 files | -2/+13
  At the end of dwfl_segment_report_module we might try to read in the whole contents described by a core file. To do this we first allocate a zeroed block of memory that is as big as possible. The core file however may describe much more loaded data than is actually available in the Elf image. So pass the maximum size so we can limit the amount of memory we reserve.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure note data is properly aligned. | Mark Wielaard | 2021-12-18 | 4 files | -3/+16
  In dwfl_segment_report_module the note data might not be properly aligned. Check that it is before accessing the data directly. Otherwise convert data so it is properly aligned.
  Also fix NOTE_ALIGN4 and NOTE_ALIGN8 to work correctly with long types.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure there is at least one phdr | Mark Wielaard | 2021-12-18 | 2 files | -0/+9
  The buffer read in needs to contain room for at least one Phdr.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure there is at least one dynamic entry | Mark Wielaard | 2021-12-18 | 2 files | -0/+10
  The buffer read in needs to contain room for at least one Elf32_Dyn or Elf64_Dyn entry.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* tests: Use /bin/sh instead of /bin/ls as always there binary | Mark Wielaard | 2021-12-17 | 2 files | -1/+5
  run-debuginfod-query-retry.sh would fail when /bin/ls wasn't available. Use /bin/sh instead which really is always available. GNU Guix doesn't have any other standard binary in /bin except for sh.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Add overflow check while iterating in dwfl_segment_report_module | Mark Wielaard | 2021-12-16 | 2 files | -1/+10
  While iterating the notes we could overflow the len variable if the note name or description was too big. Fix this by adding an (unsigned) overflow check.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28654
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure phent is sane and there is at least one phdr | Mark Wielaard | 2021-12-16 | 2 files | -2/+20
  dwfl_link_map_report can only handle program headers that are the correct (32 or 64 bit) size. The buffer read in needs to contain room for at least one Phdr.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28660
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libelf: Use offsetof to get field of unaligned | Mark Wielaard | 2021-12-16 | 2 files | -6/+14
  gcc undefined sanitizer flags:
    elf_begin.c:230:18: runtime error: member access within misaligned address 0xf796400a for type 'struct Elf64_Shdr', which requires 4 byte alignment
  struct. We aren't actually accessing the field member of the struct, but are taking the address of it. Which the compiler can take as a hint that the address is correctly aligned. But we can do the same by adding the field offsetof to the base address. Which doesn't trigger a runtime error.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod/debuginfod-client.c: use long for cache time configurations | Alexander Kanavin | 2021-12-16 | 2 files | -3/+10
  time_t is platform dependent and some architectures, e.g. x32, riscv32, arc, use 64bit time_t even while they are 32bit architectures, therefore directly using integer printf formats will not work portably.
  Use a plain long everywhere as the intervals are small enough that it will not be problematic.
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
* libdwfl: Don't allocate more than SIZE_MAX in dwfl_segment_report_module. | Mark Wielaard | 2021-12-12 | 2 files | -0/+8
  The code in dwfl_segment_report_module tries to allocate and fill in memory as described in a core file. Normally all memory is filled in through the (phdrs) memory_callback or the read_eagerly callback. If the last callback doesn't work we try to calloc file_trimmed_end bytes and then try to fill in the parts of memory we can from the core file at the correct offsets.
  file_trimmed_end is a GElf_Off which is an unsigned 64bit type. On 32bit systems this means when cast to a size_t to do an allocation might allocate truncated (much smaller) value. So make sure to not allocate more than SIZE_MAX bytes.
  It would be nice to have a better way to limit the amount of memory allocated here. A core file might describe really big memory areas for which it doesn't provide any data. In that case we really shouldn't calloc mega- or giga-bytes of zeroed out memory.
  Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* PR28661: debuginfo connection thread pool support | Frank Ch. Eigler | 2021-12-10 | 9 files | -5/+154
  Add an option -C, which activates libmicrohttpd's thread-pool mode for handling incoming http connections. Add libmicrohttpd error-logging callback function so as to receive indication of its internal errors, and relay counts to our metrics. Some of these internal errors tipped us off to a microhttpd bug that thread pooling works around. Document in debuginfod.8 page. Hand-tested against "ulimit -u NNN" shells, and with a less strenuous new test case.
  Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
* libdwfl: Don't try to convert too many dyns in dwfl_link_map_report | Mark Wielaard | 2021-12-10 | 2 files | -1/+19
  When trying to read (corrupt) dynamic entries from a core file we only want to read and convert the entries we could read. Also make sure we don't try to allocate too big a buffer.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Don't install an Elf handle in a Dwfl_Module twice | Mark Wielaard | 2021-12-09 | 2 files | -1/+6
  dwfl_segment_report_module can be called with the same module name, start and end address twice (probably because of a corrupt core file). In that case don't override the main.elf handle if it already exists.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28655
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Don't trust e_shentsize in dwfl_segment_report_module | Mark Wielaard | 2021-12-09 | 2 files | -2/+7
  When calculating the possible section header table end use the actual size of the section headers (sizeof (Elf32_Shdr) or sizeof (Elf64_Shdr)), not the ELF header e_shentsize value, which can be corrupted. This prevents a possible overflow, but we check the shdrs_end is sane later anyway.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28659
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Make sure we know the phdr entry size before searching phdrs. | Mark Wielaard | 2021-12-09 | 2 files | -1/+5
  Without the program header entry size we cannot search through the phdrs.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28657
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Don't try to convert too many bytes in dwfl_link_map_report | Mark Wielaard | 2021-12-09 | 2 files | -2/+21
  When trying to read (corrupt) phdrs from a core file we only want to read and convert the bytes we could read. Also make sure we don't try to allocate too big buffers.
  https://sourceware.org/bugzilla/show_bug.cgi?id=28666
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: Don't format clog using 'right' or 'setw(20)'. | Mark Wielaard | 2021-12-09 | 2 files | -1/+6
  Keep the logs just plain unformatted text. This really is a workaround for an apparent bug with gcc 8.3 -fsanitizer=undefined on arm32, which complains about the 'right' formatter:
    debuginfod.cxx:3472:12: runtime error: reference binding to misaligned address 0x00561ec9 for type '<unknown>', which requires 2 byte alignment
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* configure: Add --enable-sanitize-address | Mark Wielaard | 2021-12-09 | 6 files | -3/+57
  --enable-sanitize-address makes sure that all code is compiled with -fsanitizer=address and all tests run against libasan.
  It can be combined with --enable-sanitize-undefined, but not with --enable-valgrind.
  In maintainer mode there is one program that causes leaks, i386_gendis, so disable leak detection for that program.
  One testcase, test_nlist, needs special linker flags, make sure it also uses -fsanitizer=address when using the address sanitizer.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: Fix debuginfod_pool leak | Mark Wielaard | 2021-12-09 | 2 files | -0/+6
  gcc address sanitizer detected a dangling debuginfod_client handler when debuginfod exits. Make sure to groom the debuginfod client pool before exit after all threads are done.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* tests: varlocs workaround format-overflow errors | Mark Wielaard | 2021-12-09 | 2 files | -6/+15
    In function ‘printf’, inlined from ‘handle_attr’ at varlocs.c:932:3:
    error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  The warning is technically correct. A %s argument should not be NULL. Although in practice all implementations will print it as "(null)". Workaround this by simply changing the dwarf string functions to return an "<unknown>" string. The test is for the correct names, either "(null)" or "<unknown>" would make it fail (also remove a now unnecessary assert, the switch statement will check for unknown opcodes anyway).
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* readelf: Workaround stringop-truncation error | Mark Wielaard | 2021-12-09 | 2 files | -1/+5
    In function ‘strncpy’, inlined from ‘print_ehdr’ at readelf.c:1175:4:
    error: ‘__builtin_strncpy’ specified bound 512 equals destination size [-Werror=stringop-truncation]
  strncpy doesn't terminate the copied string if there is not enough room. We compensate later by explicitly adding a zero terminator at buf[sizeof (buf) - 1]. Normally gcc does see this, but with -fsanitize=address there is too much (checking) code in between. But it is actually better to not let strncpy do too much work, so subtract one from the size.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: Check result of calling MHD_add_response_header. | Mark Wielaard | 2021-12-08 | 2 files | -20/+56
  Although unlikely the MHD_add_response_header can fail for various reasons. If it fails something odd is going on. So check we can actually add a response header and log an error if we cannot.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* libdwfl: Don't read beyond end of file in dwfl_segment_report_module | Mark Wielaard | 2021-12-08 | 2 files | -1/+10
  The ELF might not be fully mapped into memory (which probably means the phdrs are bogus). Don't try to read beyond what we have in memory already.
  Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: correct concurrency bug in fdcache metrics | Frank Ch. Eigler | 2021-12-08 | 2 files | -1/+5
  The intern() function called set_metrics() outside a necessary lock being held. helgrind identified this race condition. No QA impact.
  Signed-off-by: Frank Ch. Eigler <fche@redhat.com>
* debuginfod: Clear and reset debuginfod_client winning_headers on reuse | Mark Wielaard | 2021-12-07 | 2 files | -1/+11
  gcc address sanitizer detected a leak of the debuginfod_client winning_headers when the handle was reused. Make sure to free and reset the winning_headers field before reuse.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: Fix some memory leaks on debuginfod-client error paths. | Mark Wielaard | 2021-12-05 | 2 files | -5/+18
  In a couple of places we might leak some memory when we encounter an error. tmp_url might leak if realloc failed. escaped_string might leak when setting up the data handle fails and we don't use it. And one of the goto out1 should have been goto out2 to make sure we release all allocated resources on exit (also updated a wrong comment about that).
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: sqlite3_sharedprefix_fn should not compare past end of string | Mark Wielaard | 2021-12-05 | 1 file | -1/+1
  gcc address sanitizer detected a read after the end of string in sqlite3_sharedprefix_fn. Make sure to stop comparing the strings when seeing the zero terminator.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* debuginfod: Use gmtime_r instead of gmtime to avoid data race | Mark Wielaard | 2021-12-03 | 2 files | -6/+14
  Since we are multi-threaded using gmtime might cause a data race because gmtime reuses a global struct to write data into. Make sure that each thread uses their own struct tm and use gmtime_r instead.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* tests: Add -rdynamic to dwfl_proc_attach_LDFLAGS | Mark Wielaard | 2021-11-25 | 2 files | -1/+5
  dwfl-proc-attach uses (overrides) dlopen (so it does nothing). This seems to cause a versioned dlopen symbol to be pulled in when building with LTO. Resulting in a link failure (when dlopen isn't integrated into libc):
    /usr/bin/ld: dwfl-proc-attach.o (symbol from plugin): undefined reference to symbol 'dlopen@@GLIBC_2.2.5'
    /usr/bin/ld: /usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status
  Add -rdynamic to the LDFLAGS to add all symbols to the dynamic symbol table for dwfl-proc-attach.
  Signed-off-by: Mark Wielaard <mark@klomp.org>
* dwfl: fix potential overflow when reporting on kernel modules | Matthias Maennich | 2021-11-20 | 2 files | -1/+6
  dwfl_linux_kernel_report_modules_ has an outstanding ancient bug when reading kernel module information from a modules list file. The target buffer for the module name was sized too small to hold potential values. Fix that by increasing the value to account for the null termination. In practice, this unlikely ever happened, but it now got diagnosed by LLVM as part of a stricter -Wfortify-source implementation [1]:
    libdwfl/linux-kernel-modules.c:1019:7: error: 'sscanf' may overflow; destination buffer in argument 3 has size 128, but the corresponding specifier may require size 129 [-Werror,-Wfortify-source]
    modname, &modsz, &modaddr) == 3)
  [1] https://github.com/llvm/llvm-project/commit/2db66f8d48beeea835cb9a6940e25bc04ab5d941
  Suggested-by: Paul Pluzhnikov <ppluzhnikov@google.com>
  Signed-off-by: Matthias Maennich <maennich@google.com>
* tests: Don't set DEBUGINFOD_TIMEOUT | Mark Wielaard | 2021-11-15 | 14 files | -27/+16
  Various tests set DEBUGINFOD_TIMEOUT to 10. Which is less than the default of 90. None of the tests relied on a lower timeout. So just don't set it.
  Signed-off-by: Mark Wielaard <mark@klomp.org>