Mark Wielaard [Tue, 9 Jun 2015 14:26:16 +0000 (16:26 +0200)]
strip: Just admit we don't support stripping ar archives for now.
We try to handle (in-place) stripping of ar archives, but since elf_clone
doesn't really support cloning ar members and we don't handle reducing
the size of the members, moving the offsets of other members. This causes
crashes or writing garbage. Better to just admit that for now we don't
support stripping archives. Call error when we see an ELF_K_AR file.
Mark Wielaard [Sat, 6 Jun 2015 21:40:42 +0000 (23:40 +0200)]
libdwfl: Fix memory leak in find_debuginfo_in_path.
commit c4f133 libdwfl: find_debuginfo_in_patch don't alloca/strdupa
strings of unknown size. Introduced a memory leak in the case nothing
was found. Make sure before returning all temporary strings are all
freed.
Mark Wielaard [Sat, 6 Jun 2015 20:49:34 +0000 (22:49 +0200)]
libdwfl: Fix memory leak in cache_sections.
commit be1778 libdwfl: Fix possible unbounded stack usage in cache_sections.
introduced a memory leak. The refs pointers were copied to the sortrefs
array but never freed. Only the array was freed. Also free the elements.
Mark Wielaard [Thu, 4 Jun 2015 14:25:37 +0000 (16:25 +0200)]
libelf: Make sure elf_getdata_rawchunk returns aligned data.
elf_getdata_rawchunk might return an unaligned buffer for the requested
ELF data type. Make sure the data is also correctly aligned when using
an mmapped file. Also add some missing alignments for ELF data types
for __libelf_type_align (the missing types could also make elf_getdata
to return unaligned data).
Mark Wielaard [Wed, 3 Jun 2015 16:50:40 +0000 (18:50 +0200)]
libelf: Make sure conversion functions work on aligned data for type.
The gelf_xlate conversion functions work on properly aligned ELF data
types. If elf_get data needs to do conversion and ! ALLOW_UNALIGNED
and the rawdata_base isn't aligned properly for the section type, then
provide an aligned copy of the data.
Found with --enable-sanitize-undefined in run-test-archive64.sh on x86_64.
Mark Wielaard [Sat, 6 Jun 2015 13:06:22 +0000 (15:06 +0200)]
libdwfl: Report core module segment even when NT_FILE build-id doesn't match.
dwfl_segment_report_module can take the NT_FILE note contents to find
the matching file for the module on the file system from the core file.
If the file exists but the build-id didn't match we would not report the
module. But we should just report the module anyway, ignore the file,
and try to match the ELF image another way.
This issue can be replicated by building and running make check in
/tmp/elfutils with run-backtrace-core-aarch64.sh since that core file
includes a NT_FILE note pointing to /tmp/elfutils/tests/backtrace-child.
Which won't match if it was just recompiled.
Mark Wielaard [Thu, 4 Jun 2015 11:51:27 +0000 (13:51 +0200)]
libelf: Check e_shoff alignment before direct access of Elf(32|64)_Shdr.
In get_shnum the check was whether the Elf(32|64)_Ehdr was correctly
aligned, but to access the Shdr directly we need to check whether the
address that points to the Elf(32|64)_Shdr structure is correctly aligned.
Mark Wielaard [Tue, 2 Jun 2015 08:54:26 +0000 (10:54 +0200)]
libelf: Split checks for ehdr and shdr, drop phdr check in file_read_elf.
There are various places in the code that check whether mmapped structures
are correctly aligned (or ALLOW_UNALIGNED is set). Some of these checks
are asserts. Like the one in elf(32|64)_getshdr. We should not get into
that part of the code if the shdr scn structure was cached in elf_begin
because it was mmapped in and properly aligned.
These asserts could trigger because in elf_begin.c file_read_elf ()
all alignment checks were combined. So even though only one of the ehdr,
shdr or phdr structures were not properly aligned all structures would be
copied. Also the phdr structure was not even read in elf_begin, so the
alignment check was unnecessary.
This patch splits the alignment checks and reading of ehdr and shdr
structures into separate code paths. It also drops the phdr alignment
checks in elf_begin. Those phdr checks are done in elf(32|64)_getphdr
already.
Mark Wielaard [Mon, 1 Jun 2015 15:07:26 +0000 (17:07 +0200)]
libdwfl: Fix memory leak in __libdwfl_open_by_build_id.
commit c57829 introduced a memory leak by passing the path string to
strsep. strsep will change the given pointer and set it to NULL eventually.
Causing the original pointer to leak. Fix by passing a copy of the pointer
to strsep.
Mark Wielaard [Sun, 31 May 2015 21:03:30 +0000 (23:03 +0200)]
Define MODVERSION in a more reproducable way.
We define MODVERSION to make sure the libebl backend modules match the
elfutils build when we dlopen them. Using hostname and date makes it very
hard to create reproducable builds. Define them a little more reproducable
using LIBEBL_SUBDIR, eu_version and ac_cv_build.
Mark Wielaard [Sun, 31 May 2015 20:37:19 +0000 (22:37 +0200)]
Fix sanitize-undefined config check. Don't ALLOW_UNALIGNED when checking.
The -fsanitize=undefined check need to use AC_LINK_IFELSE to make sure
libubsan is installed. When doing undefined checking we should disable
ALLOW_UNALIGNED memory accesses to catch issues where we do unaligned
accesses by accident.
Mark Wielaard [Sat, 30 May 2015 20:50:37 +0000 (22:50 +0200)]
configure: Add check for bunzip2 and maintainer-mode tools.
Without bunzip2 make check cannot be run. To generate all files in
maintainer-mode flex and bison are needed. Otherwise check that
libdw/known-dwarf.h is already generated.
Mark Wielaard [Sat, 23 May 2015 22:07:33 +0000 (00:07 +0200)]
libdwfl: Check mod is not NULL in check_module.
check_module is called from dwfl_module_relocate_address and from
dwfl_module_address_section. Both could take a NULL Dwfl_Module if
an earlier error had occured. Make check_module return immediately
indicating an issue in that case.
All library code now builds with this warning and -Werror enabled.
Add exceptions for most of the src tools (ldgeneric, readelf, nm, size,
strip, elflint, findtextrel, elfcmp objdump, ranlib, ar and unstrip).
Mark Wielaard [Fri, 22 May 2015 21:33:56 +0000 (23:33 +0200)]
libdw: Limit stack usage of temporary dir, file and line lists.
Limit stack usage of lines with MAX_STACK_LINES, files with MAX_STACK_LINES
and dirs with MAX_STACK_DIRS. Calculate number of dirs needed first, then
create dirarray directly, without needing the next field. Free not stack
allocated lines and files at the end.
Use preallocated stack arrays for all instead of calling alloca to help
compiler see actual stack usage.
The current stack allocation limits are 4096 lines, 1024 files in 256 dirs
per CU. For GCC 4.8 libstdc++.so has on average 512 lines per CU. With
these settings read_srclines uses max 228K of stack on x86_64.
Mark Wielaard [Fri, 22 May 2015 12:18:11 +0000 (14:18 +0200)]
libdwfl: Reject very short or really large build-ids.
We cannot handle build-ids less than at least 3 or more than 64 bytes.
Very big build-ids, or very large debug search paths might have blown
up the stack.
Mark Wielaard [Tue, 19 May 2015 10:40:30 +0000 (12:40 +0200)]
libdwfl: Minimize stack usage in dwfl_linux_kernel_report_offline.
Don't stack allocate module name. Also fixes a latent bug (if the module
file didn't have a suffix - which is very unlikely) and an inefficiency.
We only need to substitue chars up to the suffix.
Mark Wielaard [Sun, 17 May 2015 16:49:10 +0000 (18:49 +0200)]
libebl: Use static number for array stack allocation in openbackend.
Help the compiler see we stack allocate a small array. Add assert to check
no machine prefix is ever larger than 16. Current maximum number is 7.
This prevents gcc warning about possible unbounded stack usage with
-Wstack-usage.
Mark Wielaard [Wed, 20 May 2015 12:09:46 +0000 (14:09 +0200)]
addr2line: Add --pretty-print option to show all information on one line.
This adds an option --pretty-print to eu-addr2line to show all information
on one line and all inlines on a line of their own. This mimics the same
option from binutils addr2line, but without the short option variant -p.
Since we already use -p to select the process.
Example output:
eu-addr2line --pretty-print -s -i -f -C -p$(pidof firefox) 0x00007f368c6f8915
mozilla::ReentrantMonitor::Wait(unsigned int) at ReentrantMonitor.h:92
(inlined by) mozilla::ReentrantMonitorAutoEnter::Wait(unsigned int) at ReentrantMonitor.h:190
A couple of tests were added to check the output matches that of
binutils addr2line.
Mark Wielaard [Tue, 19 May 2015 21:08:00 +0000 (23:08 +0200)]
addr2line: Always parse addresses as hex numbers.
We would sometimes interpret input addresses as decimal or octal.
That could be confusing and isn't what binutils addr2line does.
Be consistent and always treat input addresses as hex.
Mark Wielaard [Thu, 14 May 2015 10:34:26 +0000 (12:34 +0200)]
libelf: Use posix_fallocate instead of ftruncate to extend ELF file.
This fixes an obscure SIGBUS error when using ELF_C_WRITE_MMAP on an ELF
file that needs extending when the underlying file system is (nearly) full.
Use posix_fallocate to make sure the file content is really there. Using
ftruncate might mean the file is extended, but space isn't allocated yet.
This might cause a SIGBUS once we write into the mmapped space and the disk
is full.
Using fallocate might fail on some file systems. posix_fallocate is
required to extend the file and allocate enough space even if the
underlying filesystem would normally return EOPNOTSUPP or the kernel
doesn't implement the fallocate syscall. Also posix_fallocate has been in
glibc since 2.1.94, while support for fallocate was only added in 2.10
and kernel 2.6.23.
Mark Wielaard [Wed, 13 May 2015 13:21:57 +0000 (15:21 +0200)]
libelf: If e_phnum is zero then set e_phoff also to zero.
If phnum is zero make sure e_phoff is also zero and not some random value.
That would cause trouble in update_file. This could happen when ELF_F_LAYOUT
is set and the user copied over a ehdr from a bogus ELF file where the phdrs
are unreadable. In that case trying to write out the new ELF image would
crash trying to follow the bogus e_phdr value.
Mark Wielaard [Tue, 12 May 2015 13:59:04 +0000 (15:59 +0200)]
strip: Harden against bogus input files. Don't leak tmp debug file on error.
There were various places where a bogus/unexpected input file would cause
eu-strip to crash. Also on an unexpected error eu-strip would leak the temp
debug file it was writing.
Mark Wielaard [Tue, 12 May 2015 13:28:06 +0000 (15:28 +0200)]
libelf: More checking of valid sh_addralign values.
There were two issues with bogus sh_addralign values. First we would only
check the individual Elf_Data d_align values were powerof2. But not the
actual shdr addralign value. This would cause an issue if the shdr addralign
was bigger than all of the individual d_align values. Then we could write
out a bogus (! powerof2) shdr addralign value for the sections. Secondly
when reading in the Elf_Data we would set the d_align value to the value
of the shdr addralign value. But we would not check it was valid at all.
In practice there are ELF files with incorrect sh_addralign values (they
are a powerof2, but aren't aligned to the ELF image offset). We would try
to fix that up in elf_update by adding extra padding. But this could bloat
the ELF image a lot for large alignment values. So for too large alignments
that are bigger than the offset in the ELF file clamp them to the offset
value. This could lead us to reject to write out the data again when the
offset was not a powerof2. But this will only happen for aligment values
bigger than 64. Which are uncommon in practice.
Mark Wielaard [Tue, 12 May 2015 13:16:35 +0000 (15:16 +0200)]
libelf: Make sure shdrs are valid before storing extended phnum in newphdr.
Creating phdr with more than PN_XNUM phnum requires a valid section zero
shdr to store the extended value. Make sure the shdrs are valid. Also fix
the error when count was too big to store by setting ELF_E_INVALID_INDEX
before failing.
Jonathan Lebon [Mon, 11 May 2015 19:38:14 +0000 (15:38 -0400)]
dwarf_begin_elf: new error for compression failure
In order to provide better feedback to users, a distinction is made
between finding no dwarf info (E_NO_DWARF) and finding dwarf info but
which is compressed and failed to decompress (E_COMPRESSED_ERROR). This
can occur for example if elfutils was built without zlib support, or if
the compressed section is invalid.
Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Signed-off-by: Mark Wielaard <mjw@redhat.com>
Jonathan Lebon [Mon, 11 May 2015 19:38:13 +0000 (15:38 -0400)]
dwarf_begin_elf: decouple section searching from reading
To help legibility, we separate the section name matching from the
actual section reading. This also allows us to remove duplicate code in
cases of sections appearing twice or empty section data. There are no
changes in functionality. The indentation will be fixed in the next
commit, in the interest of keeping this commit easier to read.
Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Signed-off-by: Mark Wielaard <mjw@redhat.com>
Mark Wielaard [Fri, 8 May 2015 15:56:32 +0000 (17:56 +0200)]
Always call gelf_fsize with EV_CURRENT as argument.
Don't trust the elf version given by the file. It could be completely
bogus. In which case gelf_fsize just returns zero. Which could cause
divide by zero errors.
Mark Wielaard [Thu, 7 May 2015 16:35:48 +0000 (18:35 +0200)]
libdwfl: Only intern CU when not EOF marker and cuoff points to a DIE.
We need to check the cuoff points to a real Dwarf_Die before trying to
intern the cu with tsearch. Otherwise bogus keys might end up in the
search tree with NULL cus. That will cause crashes in compare_cukey
during next insertion or deletion of cus. We also don't want to insert
the EOF marker and unconditionally tdestroy the lazy_cu_root. The EOF
could be caused by bad DWARF from a bogus agranges entry.
Mark Wielaard [Wed, 6 May 2015 15:38:18 +0000 (17:38 +0200)]
elflint: Add sanity checks to check_attributes.
This is similar to commit 9644aa for readelf print_attributes.
Bail out when the vendor name isn't terminated and add overflow check
for subsection_len.
Note that readelf does handle non-gnu attributes, while elflint doesn't.
Mark Wielaard [Wed, 6 May 2015 10:55:21 +0000 (12:55 +0200)]
libdw: Detect line number overflow in dwarf_getsrclines on 32bit.
We do check whether the values we store for the line fit our data
representation in add_new_line, but on 32bit systems we would fail
to notice line overflowing.
Mark Wielaard [Sat, 3 Jan 2015 22:02:17 +0000 (23:02 +0100)]
libelf: Make sure version xlate dest buffer is fully defined.
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c16
contains an example of usage of undefined memory when version section
data needs to be translated, but the version xlate functions detect they
cannot fully transform the section data. To make sure the dest buffer
data is completely defined this patch makes sure all data is moved
from src to dest first. This is somewhat inefficient since normally
all data will be fully converted. But the translation functions have
no way to indicate only partial data was converted.
Reported-by: Alexander Cherepanov <cherepan@mccme.ru> Signed-off-by: Mark Wielaard <mjw@redhat.com>
argp is not part of POSIX standards and not provided by uClibc or
some other standard C libraries. However, it is possible to link
against a breakout argp library. One is provided at
http://www.lysator.liu.se/~nisse/misc/
This patch tests if libc provides argp otherwise it adds the linker
flag -largp where needed in the build system.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org> Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Mark Wielaard [Fri, 1 May 2015 07:23:57 +0000 (09:23 +0200)]
configure: print feature settings overview
elfutils can be configured in various ways. But we expect certain
settings for the features that we explicitly support. Print an
overview of all settings, plus their recommended setting, at the
end of the configure run.
RECOMMENDED FEATURES (should all be yes)
gzip support : yes
bzip2 support : yes
lzma/xz support : yes
libstdc++ demangle support : yes
File textrel check : yes
Symbol versioning : yes
NOT RECOMMENDED FEATURES (should all be no)
Experimental thread safety : no
OTHER FEATURES
Deterministic archives by default : false
Native language support : yes
EXTRA TEST FEATURES (used with make check)
debug branch prediction : no
gprof support : no
gcov support : no
run all tests under valgrind : no
use rpath in tests : no
test biarch : yes
Mark Wielaard [Wed, 22 Apr 2015 10:47:46 +0000 (12:47 +0200)]
readelf: Fix cie_offset calculation comparison on 32bit.
gcc -fsanitize=undefined pointed out that on 32bit systems the calculation
to match the cie_offset to the cie_id could be undefined because a cie_id
could be an unsigned 64bit value while ptrdiff_t is only 32bits. Correct
the calculation to use 64bit values.
Mark Wielaard [Wed, 22 Apr 2015 10:28:30 +0000 (12:28 +0200)]
libdw: Undefined behavior in get_sleb128_step.
gcc -fsanitize=undefined pointed out that for too big sleb128 values we
could shift into the sign bit. So for sleb128 values that have to fit
in a (signed) int64_t variable reduce the max number of steps by one.
Mark Wielaard [Fri, 17 Apr 2015 20:24:41 +0000 (22:24 +0200)]
readelf: Always try to print some debug section information.
Even if we cannot create a proper Dwarf dbg we can still print the
information of various debug sections. All all debug print section
functions already check first they can access the appropriate data.
Max Filippov [Thu, 23 Apr 2015 18:46:59 +0000 (20:46 +0200)]
Allow disabling symbol versioning at configure time
Due to missing symbol versioning support in uClibc calls to versioned
functions that internally call different version of themselves results
in infinite recursion.
Introduce macro SYMBOL_VERSIONING and use it instead of plain SHARED to
decide whether symbol versioning is needed. Control this macro
definition with new configure option --disable-symbol-versioning.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Mark Wielaard <mjw@redhat.com>
Mark Wielaard [Tue, 21 Apr 2015 13:46:01 +0000 (15:46 +0200)]
libdw: Don't overflow stack with user defined macro attributes array.
In theory user defined debug macros can have an arbitrary number of
arguments. Don't allocate them all on stack. If there are more than
8 (arbitrary number, but no sane macro should have more arguments),
then dynamically allocate and free the attributes.
Found by gcc -fsanitize=undefined. Which pointed out the nforms could
be zero, creating an empty vla (which could cause undefined behavior).
Mark Wielaard [Tue, 14 Apr 2015 08:18:37 +0000 (10:18 +0200)]
configure: Add explicit checks for all GNU99 extensions used.
Some compilers (clang) claim to support -std=gnu99 but don't actually
implement all extensions we use in the code. Producing really hard to
parse errors. Add explicit checks for some of the other language
extensions we use, Nested Functions and Arrays of Variable Length,
to the configure check to catch such issues early.
Mark Wielaard [Tue, 31 Mar 2015 09:33:53 +0000 (11:33 +0200)]
libdwfl: Special case core_file_read_eagerly for small ELF images.
Small ELF images, like linux-gate or linux-vdso, might be available in the
core file, but not on disk, even if we have a build-id. If the whole image
is small enough try to read them in from the core file to make sure symbols
and unwind information are always available for them. We would already map
them in if the core file was opened with ELF_C_READ_MMAP.
projects / thirdparty / elfutils.git / log
