From: Thomas Schwinge
To: Pedro Alves
Cc: Kevin Buettner, gdb-patches@sourceware.org
Subject: Re: [PATCH] [SH] Prologue skipping if there is none
Date: Fri, 02 Mar 2012 14:15:00 -0000
Message-ID: <87k4332ipm.fsf@schwinge.name>
In-Reply-To: <4F50B664.3090307@redhat.com>
References: <87pqdgciho.fsf@schwinge.name> <20120215075413.1313f7fa@mesquite.lan> <20120215165907.33f2e9a6@mesquite.lan> <8739aad9il.fsf@schwinge.name> <20120216182544.36b41a1b@mesquite.lan> <87mx8da3b9.fsf@schwinge.name> <20120220162029.2082b6a1@mesquite.lan> <87wr7c7aop.fsf@schwinge.name> <20120224144657.36bbd09f@mesquite.lan> <87r4xd528y.fsf@schwinge.name> <87d38w4rxr.fsf@schwinge.name> <20120301171847.306829ba@mesquite.lan> <87mx7z2qwc.fsf@schwinge.name> <4F50B664.3090307@redhat.com>

Hi!

On Fri, 2 Mar 2012 12:00:36 +0000, Pedro Alves wrote:
> On 03/02/2012 11:17 AM, Thomas Schwinge wrote:
> > On Thu, 1 Mar 2012 17:18:47 -0700, Kevin Buettner wrote:
> >> > On Thu, 01 Mar 2012 10:00:00 +0100
> >> > Thomas Schwinge wrote:
> >> >
> >>> > > @@ -594,6 +590,7 @@ sh_analyze_prologue (struct gdbarch *gdb
> >>> > > {
> >>> > > sav_reg = reg;
> >>> > > offset = (inst & 0xff) << 1;
> >>> > > + /* TODO: check that this is a valid address. */
> >>> > > sav_offset =
> >>> > > read_memory_integer ((pc + 4) + offset, 2, byte_order);
> >>> > > }
> In this case, what's
> necessary to just fix that particular issue?

The issue here is that external data (a malicious executable that is being debugged) might possibly cause GDB to do arbitrary things due to corrupting its internal state.  (I don't know if GDB development is generally paying attention to such ``detail'', but it certainly is an attack vector if you're debugging a binary that has been provided by a third party.)

For inaccessible addresses, target_read_memory returns EIO, which causes read_memory to invoke throw_error: ``Cannot access memory at address 0xfffffffe''; that's fine.  For improper but accessible addresses, it is more difficult to predict what might happen in the following.  The value will be propagated into a frame cache's sp_offset and saved_sp.  From there on, we have to rely on the frame unwinding machinery to reliably detect any failures or inconsistencies.

Grüße,
 Thomas
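Review bot: the added line in this hunk only records the missing check as a TODO; the read that follows it, `read_memory_integer ((pc + 4) + offset, 2, byte_order)`, still dereferences an address computed from `inst`, a value taken from the debuggee, and stores the result unconditionally into `sav_offset`. The reply below spells out why that matters: an inaccessible address is caught by `throw_error` in read_memory, but an accessible-yet-wrong one feeds `sp_offset` and `saved_sp` and the unwinder then has to cope with it. Rather than leaving the TODO, the hunk should bound the computed address against the limit the prologue analyzer is already working with before calling read_memory_integer, or at minimum reject a `sav_offset` outside a plausible range, so the bad value never reaches the frame cache.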
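The check the hunk's TODO comment asks for, written out as an added example in plain C. This is not GDB's code and not a patch from this thread: the 64-byte `text_image` at `TEXT_BASE`, the little-endian byte order, the `[win_start, win_end)` window, the `MAX_PLAUSIBLE_FRAME` cap and the function names `read_u16_le` and `fetch_frame_literal` are all this example's own assumptions. It reproduces the address arithmetic from the hunk, `offset = (inst & 0xff) << 1` and `(pc + 4) + offset`, and then refuses the read when the address leaves the window, and refuses the loaded literal when it is not a plausible frame size, so that neither an inaccessible nor an "improper but accessible" address can put a bad value into the caller's frame state.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the debuggee's accessible memory: a 64-byte
   little-endian "text section" mapped at TEXT_BASE.  This is not GDB's
   target memory layer; it only lets the example run offline.  */
#define TEXT_BASE 0x1000u
static uint8_t text_image[64] = {
  [0x10] = 0x40, [0x11] = 0x00,   /* literal 0x0040 = 64 at 0x1010 */
  [0x12] = 0xff, [0x13] = 0xff,   /* literal 0xffff = -1 at 0x1012 */
};

enum fetch_status
{
  FETCH_OK = 0,
  FETCH_EIO,            /* address not accessible at all */
  FETCH_OUT_OF_RANGE,   /* accessible, but outside the window we trust */
  FETCH_BAD_VALUE       /* in range, but not a plausible frame size */
};

/* Largest frame size this example is willing to believe (assumed cap).  */
#define MAX_PLAUSIBLE_FRAME 0x10000

/* Hypothetical replacement for read_memory_integer (..., 2, byte_order).
   Returns FETCH_EIO for addresses outside the image, the case the mail
   says GDB already turns into "Cannot access memory at address ...".  */
static enum fetch_status
read_u16_le (uint64_t addr, uint16_t *out)
{
  if (addr < TEXT_BASE || addr + 2 > TEXT_BASE + sizeof text_image)
    return FETCH_EIO;
  size_t i = (size_t) (addr - TEXT_BASE);
  *out = (uint16_t) (text_image[i] | (text_image[i + 1] << 8));
  return FETCH_OK;
}

/* Decode the PC-relative load the hunk handles:
     offset = (inst & 0xff) << 1;  address = (pc + 4) + offset;
   then (a) only read it if it stays inside [win_start, win_end), and
   (b) only accept the sign-extended literal if it is a plausible frame
   size.  Both checks are this example's own, not the upstream fix.  */
static enum fetch_status
fetch_frame_literal (uint32_t pc, uint16_t inst,
                     uint32_t win_start, uint32_t win_end,
                     int32_t *frame_size)
{
  uint64_t offset = (uint64_t) (inst & 0xffu) << 1;
  uint64_t addr = (uint64_t) pc + 4 + offset;   /* 64-bit: no wraparound */

  /* (a) The debuggee chose `inst'; do not let it choose the address.  */
  if (addr < win_start || addr + 2 > win_end)
    return FETCH_OUT_OF_RANGE;

  uint16_t raw;
  enum fetch_status st = read_u16_le (addr, &raw);
  if (st != FETCH_OK)
    return st;

  /* Sign-extend the 16-bit literal the way the load instruction does.  */
  int32_t value = (raw & 0x8000) ? (int32_t) raw - 0x10000 : (int32_t) raw;

  /* (b) Do not let an in-range but absurd literal reach sp_offset.  */
  if (value <= 0 || value > MAX_PLAUSIBLE_FRAME)
    return FETCH_BAD_VALUE;

  *frame_size = value;
  return FETCH_OK;
}

int
main (void)
{
  int32_t size;
  /* A well-formed "mov.w @(4,PC),r1" at pc 0x1004 reaches the literal at 0x1010.  */
  enum fetch_status st = fetch_frame_literal (0x1004, 0x9104, 0x1000, 0x1040, &size);
  printf ("status %d, frame size %d\n", st, size);
  /* disp 0xff lands at 0x1206, past the window: rejected before any read.  */
  st = fetch_frame_literal (0x1004, 0x91ff, 0x1000, 0x1040, &size);
  printf ("status %d\n", st);
  return 0;
}
```

Each rejected case maps to one of the outcomes the mail distinguishes: FETCH_EIO is the inaccessible address GDB already reports, FETCH_OUT_OF_RANGE and FETCH_BAD_VALUE are the accessible-but-wrong cases that would otherwise be propagated into the frame cache and left for the unwinder to detect.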