| field | value | date |
|---|---|---|
| author | Saleem Abdulrasool <compnerd@compnerd.org> | 2022-03-31 17:32:22 +0000 |
| committer | Dave Watson <dade.watson@gmail.com> | 2022-05-22 11:09:21 -0700 |
| commit | a2c3f776df97233904988845719cb78a34eb6eda | |
| tree | 9f38740e7c44a5948c36dff9186d6d41389430b6 | |
| parent | 33e31bcaba73e1414435bc4b4cfb7cf42bc92130 | |
| download | libunwind-a2c3f776df97233904988845719cb78a34eb6eda.tar.gz | |
DWARF: avoid invalid memory access with invalid CFI
In the case that the CFI is incorrect, the return address column entry
may be incorrect and point outside of the range of the program. Add a
cheap validation to prevent the errant memory access.
-rw-r--r-- | src/dwarf/Gparser.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/dwarf/Gparser.c b/src/dwarf/Gparser.c index 66976dcb..2edb511d 100644 --- a/src/dwarf/Gparser.c +++ b/src/dwarf/Gparser.c @@ -845,6 +845,15 @@ apply_reg_state (struct dwarf_cursor *c, struct dwarf_reg_state *rs) int i, ret; void *arg; + /* In the case that we have incorrect CFI, the return address column may be + * outside the valid range of data and will read invalid data. Protect + * against the errant read and indicate that we have a bad frame. */ + if (rs->ret_addr_column >= DWARF_NUM_PRESERVED_REGS) { + Dprintf ("%s: return address entry %zu is outside of range of CIE", + __FUNCTION__, rs->ret_addr_column); + return -UNW_EBADFRAME; + } + prev_ip = c->ip; prev_cfa = c->cfa; |
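Review bot: the `Dprintf` in the new guard uses `%zu`, which expects a `size_t`, but the declared type of `rs->ret_addr_column` is not visible in this hunk; cast it (`(size_t) rs->ret_addr_column`) or use the specifier that matches its real type so the diagnostic does not trip `-Wformat` on targets where they differ. The bound `rs->ret_addr_column >= DWARF_NUM_PRESERVED_REGS` is only a complete check if the field is unsigned; if it is signed, a negative column would pass, so either compare against both bounds or, better, reject the column once where the CIE is parsed so a malformed entry is caught at load time instead of on every `apply_reg_state` call.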