1332145 – A approximate infinite loop bugs in dwarf_get_aranges_list()

Bug 1332145 - A approximate infinite loop bugs in dwarf_get_aranges_list()

Summary: A approximate infinite loop bugs in dwarf_get_aranges_list()

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libdwarf
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tom Hughes
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-02 11:20 UTC by lieanu
Modified:	2016-05-12 16:13 UTC (History)
CC List:	2 users (show)
Fixed In Version:	libdwarf-20160507-1.fc24
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-12 16:13:46 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Infinit Loop bug (9.22 KB, application/x-executable) 2016-05-02 11:20 UTC, lieanu	no flags	Details
View All

Description lieanu 2016-05-02 11:20:37 UTC

Created attachment 1152901 [details]
Infinit Loop bug

Hi,

I have informed this bug to upstream, reporting it here just for bug tracking, thanks.

A approximate infinite loop bugs in latest dwarf git code.

Bug in the while loop of dwarf_arange.c:251(latest git code).

The context:

gef> info b
8       breakpoint     keep y   0x00002aaaaacdd54d in dwarf_get_aranges_list at dwarf_arange.c:166
        breakpoint already hit 100001 times
gef> p arange_ptr_past_end 
$9 = (Dwarf_Small *) 0xe965f040 <error: Cannot access memory at address 0xe965f040>
gef> p arange_ptr
$10 = (Dwarf_Small *) 0x722520 ""
gef> p range_entry_size
$11 = 8
gef> p address_size
$12 = 4 '\004'
gef> bt
#0  dwarf_get_aranges_list (dbg=dbg@entry=0x654df0, chain_out=chain_out@entry=0x7fffffffda08, chain_count_out=chain_count_out@entry=0x7fffffffda00, error=error@entry=0x7fffffffda98) at dwarf_arange.c:179
#1  0x00002aaaaacdd8c3 in dwarf_get_aranges (dbg=dbg@entry=0x654df0, aranges=aranges@entry=0x7fffffffda90, returned_count=returned_count@entry=0x7fffffffda88, error=error@entry=0x7fffffffda98) at dwarf_arange.c:302
#2  0x000000000040f23b in print_aranges (dbg=0x654df0) at print_aranges.c:140
#3  0x0000000000407c8e in process_one_file (l_config_file_data=0x63bda0 <g_config_file_data>, archive=0, tied_file_name=0x0, file_name=0x654030 "collect_dir/crash423", elftied=0x0, elf=<optimized out>) at dwarfdump.c:1401
#4  main (argc=<optimized out>, argv=<optimized out>) at dwarfdump.c:645

After 100001 times loop, there are still need to loop (0xe965f040 - 0x722520 - 8)/4 = 977072838 times, It’s a huge number, should be prevented.

Comment 1 Fedora Update System 2016-05-08 10:27:19 UTC

libdwarf-20160507-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5

Comment 2 Fedora Update System 2016-05-09 00:55:02 UTC

libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f36c5935e5

Comment 3 Fedora Update System 2016-05-12 16:13:09 UTC

libdwarf-20160507-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.