From ec388c16cd4217a64907e4e133d2102cc4fe608a Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Wed, 3 Jun 2020 17:31:44 +0100 Subject: [PATCH] libctf: error out on corrupt CTF with invalid header flags If corrupt CTF with invalid header flags is passed in, return the new error ECTF_FLAGS. include/ * ctf-api.h (ECTF_FLAGS): New. (ECTF_NERR): Adjust. * ctf.h (CTF_F_MAX): New. libctf/ * ctf-open.c (ctf_bufopen_internal): Diagnose invalid flags. --- include/ChangeLog | 6 ++++++ include/ctf-api.h | 5 +++-- include/ctf.h | 3 ++- libctf/ChangeLog | 4 ++++ libctf/ctf-open.c | 3 +++ 5 files changed, 18 insertions(+), 3 deletions(-) diff --git a/include/ChangeLog b/include/ChangeLog index 9f47c8bff77..8a48d009a69 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,9 @@ +2020-07-22 Nick Alcock + + * ctf-api.h (ECTF_FLAGS): New. + (ECTF_NERR): Adjust. + * ctf.h (CTF_F_MAX): New. + 2020-07-22 Nick Alcock * ctf-api.h (ECTF_NEXT_END): New error. diff --git a/include/ctf-api.h b/include/ctf-api.h index 47a1f732f0e..760b1e46dc6 100644 --- a/include/ctf-api.h +++ b/include/ctf-api.h @@ -207,10 +207,11 @@ enum ECTF_NONREPRESENTABLE, /* Type not representable in CTF. */ ECTF_NEXT_END, /* End of iteration. */ ECTF_NEXT_WRONGFUN, /* Wrong iteration function called. */ - ECTF_NEXT_WRONGFP /* Iteration entity changed in mid-iterate. */ + ECTF_NEXT_WRONGFP, /* Iteration entity changed in mid-iterate. */ + ECTF_FLAGS /* CTF header contains flags unknown to libctf. */ }; -#define ECTF_NERR (ECTF_NEXT_WRONGFP - ECTF_BASE + 1) /* Count of CTF errors. */ +#define ECTF_NERR (ECTF_FLAGS - ECTF_BASE + 1) /* Count of CTF errors. */ /* The CTF data model is inferred to be the caller's data model or the data model of the given object, unless ctf_setmodel() is explicitly called. */ diff --git a/include/ctf.h b/include/ctf.h index 168092b650e..f251759afa1 100644 --- a/include/ctf.h +++ b/include/ctf.h 
@@ -199,7 +199,8 @@ typedef struct ctf_header #define CTF_VERSION_3 4 #define CTF_VERSION CTF_VERSION_3 /* Current version. */ -#define CTF_F_COMPRESS 0x1 /* Data buffer is compressed by libctf. */ +#define CTF_F_COMPRESS 0x1 /* Data buffer is compressed by libctf. */ +#define CTF_F_MAX CTF_F_COMPRESS /* The greatest flag value in use. */ typedef struct ctf_lblent { diff --git a/libctf/ChangeLog b/libctf/ChangeLog index 4a10f63d00c..45caf217cb2 100644 --- a/libctf/ChangeLog +++ b/libctf/ChangeLog @@ -1,3 +1,7 @@ +2020-07-22 Nick Alcock + + * ctf-open.c (ctf_bufopen_internal): Diagnose invalid flags. + 2020-07-22 Nick Alcock ctf-decls.h (ctf_qsort_compar_thunk): Fix arg passing. diff --git a/libctf/ctf-open.c b/libctf/ctf-open.c index b7846bd0014..f8eeaab0168 100644 --- a/libctf/ctf-open.c +++ b/libctf/ctf-open.c @@ -1384,6 +1384,9 @@ ctf_bufopen_internal (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect, if (pp->ctp_version < CTF_VERSION_3) hdrsz = sizeof (ctf_header_v2_t); + if (_libctf_unlikely_ (pp->ctp_flags > CTF_F_MAX)) + return (ctf_set_open_errno (errp, ECTF_FLAGS)); + if (ctfsect->cts_size < hdrsz) return (ctf_set_open_errno (errp, ECTF_NOCTFBUF)); -- 2.30.2
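Review bot: In include/ctf.h, `CTF_F_MAX` is documented as "the greatest flag value in use", but the header flags are a set of bits, and the new test in libctf/ctf-open.c (`pp->ctp_flags > CTF_F_MAX`) compares magnitudes instead of masking bits. With the single flag 0x1 the two readings coincide. Once a second flag is added, the macro has to be the OR of every valid flag, not the largest single one, or valid combinations will be rejected with ECTF_FLAGS. I would say so in the comment, e.g. `#define CTF_F_MAX CTF_F_COMPRESS /* OR of all valid flag bits; update when adding a flag. */`. Alternatively, test `(pp->ctp_flags & ~CTF_F_MAX) != 0` in ctf-open.c, which rejects unknown bits however the flags are numbered.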
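Review bot: In libctf/ctf-open.c the added `pp->ctp_flags > CTF_F_MAX` test sits ahead of the existing `ctfsect->cts_size < hdrsz` check, so the flags field is read and judged before the header length has been validated. Whether that read is in bounds depends on a preamble-size check earlier in ctf_bufopen_internal, which starts and ends outside this hunk. If such a check exists, the only effect is that a truncated buffer with stray flag bits reports ECTF_FLAGS rather than ECTF_NOCTFBUF. Moving the three added lines below the size check keeps length validation first and needs no other change. A short comment above the test, such as `/* Unknown flag bits: corrupt input or a format this libctf does not know; refuse to parse. */`, would record why the input is rejected.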