From patchwork Sat Mar 2 20:17:59 2024
X-Patchwork-Submitter: Ian Lance Taylor
X-Patchwork-Id: 209261
From: Ian Lance Taylor
Date: Sat, 2 Mar 2024 12:17:59 -0800
Subject: libbacktrace patch committed: Skip all LZMA block header padding bytes
To: gcc-patches

This patch to libbacktrace corrects the LZMA block header parsing to skip all the padding bytes, verifying that they are zero. This fixes https://github.com/ianlancetaylor/libbacktrace/issues/118. Bootstrapped and ran libbacktrace tests on x86_64-pc-linux-gnu. I was able to verify that the problem occurred when setting the environment variable XZ_OPT="--threads=2", and that this patch fixes the bug. Committed to mainline.

Ian

* elf.c (elf_uncompress_lzma_block): Skip all header padding bytes and verify that they are zero.

23f9fbed3c97ed70d2615d7d3fa7c249cc862553

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c index f4527e2477d..7841c86cd9c 100644 --- a/libbacktrace/elf.c +++ b/libbacktrace/elf.c @@ -5568,6 +5568,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed, uint64_t header_compressed_size; uint64_t header_uncompressed_size; unsigned char lzma2_properties; + size_t crc_offset; uint32_t computed_crc; uint32_t stream_crc; size_t uncompressed_offset;
@@ -5671,19 +5672,20 @@ elf_uncompress_lzma_block (const unsigned char *compressed, /* The properties describe the dictionary size, but we don't care what that is. */ - /* Block header padding. */ - if (unlikely (off + 4 > compressed_size)) + /* Skip to just before CRC, verifying zero bytes in between. */ + crc_offset = block_header_offset + block_header_size - 4; + if (unlikely (crc_offset + 4 > compressed_size)) { elf_uncompress_failed (); return 0; } - - off = (off + 3) &~ (size_t) 3; - - if (unlikely (off + 4 > compressed_size)) + for (; off < crc_offset; off++) { - elf_uncompress_failed (); - return 0; + if (compressed[off] != 0) + { + elf_uncompress_failed (); + return 0; + } } /* Block header CRC. */
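Review bot: the new zero-padding loop in the second hunk has no guard for off already being past crc_offset. If the fields parsed before this point extend beyond block_header_size - 4 (a header size byte that is inconsistent with the flags and filter records), `for (; off < crc_offset; off++)` never executes and the code proceeds to read the CRC from a position that overlaps the fields it just parsed instead of rejecting the block; an explicit `if (unlikely (off > crc_offset)) { elf_uncompress_failed (); return 0; }` before the loop makes the failure deliberate rather than left to the later CRC comparison. The `crc_offset + 4 > compressed_size` check also assumes `block_header_offset + block_header_size` was bounds-checked when block_header_size was read, which is not visible in this hunk; a short comment saying so would help the next reader.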
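As an added example (not code from this patch or from libbacktrace), a stand-alone C parser for the xz block header layout the fix deals with: it walks the header fields, then insists that every byte up to the CRC is zero padding, sized by the header size byte rather than by 4-byte alignment, and returns where the CRC starts, which is the value the patch computes as crc_offset. The sample headers are constructed and the function names are my own; CRC verification is left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
/* Read an xz varint (7 bits per byte, little-endian, at most 9 bytes) at
   HDR[*OFF], advancing *OFF.  Returns 0 if malformed or if it reaches LIMIT.  */
static int xz_varint (const unsigned char *hdr, size_t limit, size_t *off, uint64_t *v)
{
  *v = 0;
  for (size_t i = 0; i < 9 && *off + i < limit; i++)
    {
      *v |= (uint64_t) (hdr[*off + i] & 0x7f) << (7 * i);
      if (!(hdr[*off + i] & 0x80))
        { *off += i + 1; return 1; }
    }
  return 0;
}

/* Parse the xz block header at HDR (AVAIL readable bytes) up to its CRC and
   require every byte between the last field and the CRC to be zero padding.
   Returns the offset of the 4-byte CRC, or 0 if truncated or malformed.  */
size_t xz_block_header_crc_offset (const unsigned char *hdr, size_t avail)
{
  if (avail < 2 || ((size_t) hdr[0] + 1) * 4 > avail || (hdr[1] & 0x3c))
    return 0;                        /* truncated, or reserved flag bits set */
  size_t size = ((size_t) hdr[0] + 1) * 4, off = 2, crc_off = size - 4;
  uint64_t v;
  /* Optional compressed/uncompressed sizes (flag bits 6, 7), then one record
     of filter ID, properties size and properties per filter (low 2 bits + 1).  */
  for (unsigned i = ((hdr[1] >> 6) & 1) + (hdr[1] >> 7); i > 0; i--)
    if (!xz_varint (hdr, size, &off, &v))
      return 0;
  for (unsigned f = 0; f <= (hdr[1] & 3); f++)
    {
      if (!xz_varint (hdr, size, &off, &v) || !xz_varint (hdr, size, &off, &v)
          || v > size - off)
        return 0;
      off += (size_t) v;
    }
  /* The fix's point: padding runs to the header size, not to a 4-byte boundary.  */
  for (; off < crc_off; off++)
    if (hdr[off] != 0)
      return 0;
  return off == crc_off ? crc_off : 0;  /* off > crc_off: fields overran */
}
/* Constructed samples (not from the page): the shape multithreaded xz writes,
   both sizes present (flags 0xc0), one LZMA2 filter, four zero padding bytes,
   then CRC placeholder bytes; the second one has a non-zero padding byte.  */
const unsigned char xz_sample_header[16] =
  { 0x03, 0xc0, 0x7f, 0x80, 0x01, 0x21, 0x01, 0x1c, 0, 0, 0, 0, 0xaa, 0xbb, 0xcc, 0xdd };
const unsigned char xz_sample_bad_padding[16] =
  { 0x03, 0xc0, 0x7f, 0x80, 0x01, 0x21, 0x01, 0x1c, 0, 1, 0, 0, 0xaa, 0xbb, 0xcc, 0xdd };
```

For the first sample the fields end at offset 8, which is already 4-byte aligned, so the old alignment-based skip would have read the CRC from the padding at offset 8 instead of offset 12.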