Paolo Bonzini from Red Hat reported the following issue in libunwind: Invalid DW_OP_bregXX opcodes can access dwarf_to_unw_regnum_map one item past the end. Spotted by Coverity, suggested patch below: """ --- a/include/dwarf_i.h +++ b/include/dwarf_i.h @@ -20,7 +20,7 @@ extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH]; /* REG is evaluated multiple times; it better be side-effects free! */ # define dwarf_to_unw_regnum(reg) \ - (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) + (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) #endif #ifdef UNW_LOCAL_ONLY """ Upstream bug: http://savannah.nongnu.org/bugs/?45276
Upstream fix: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
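Review bot: in the `dwarf_to_unw_regnum(reg)` macro, the out-of-range branch still evaluates to 0, so a register number that fails the `(reg) < DWARF_REGNUM_MAP_LENGTH` check is silently mapped to register 0 and callers cannot tell it apart from a valid lookup. Consider having the out-of-range case surface as an error to the caller so that malformed DWARF is rejected instead of being unwound with the wrong register. The comparison also only guards the upper bound: if any call site passes a signed value, a negative `reg` would pass the check and index before the start of `dwarf_to_unw_regnum_map`, so it is worth confirming the argument is always unsigned or adding a cast. Converting the macro to a `static inline` function taking an unsigned parameter would cover that and remove the multiple-evaluation hazard the existing comment warns about.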
Created libunwind tracking bugs for this issue: Affects: fedora-all [bug 1238264] Affects: epel-all [bug 1238265]
libunwind-1.1-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libunwind-1.1-10.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Acknowledgements: This issue was discovered by Paolo Bonzini of Red Hat.
libunwind-1.1-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
libunwind-1.1-10.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: OpenStack 6 for RHEL 7 Via RHSA-2015:1675 https://rhn.redhat.com/errata/RHSA-2015-1675.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2015:1769 https://rhn.redhat.com/errata/RHSA-2015-1769.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2015:1768 https://rhn.redhat.com/errata/RHSA-2015-1768.html