3e4c3423 | 23-Sep-2018 | Augustin Cavalier <waddlesplash@gmail.com>

demangle/gcc2: Skip count > length should skip to the end.

This is the behavior the code expects.
de777b79 | 16-Sep-2018 | Augustin Cavalier <waddlesplash@gmail.com>

demangle/gcc2: Do not trust inputs.

We do not know anything about the symbols we are being asked to demangle; it is entirely possible they are malformed, or that we parse them incorrectly, which previously led to buffer overflows. E.g. the "2", "8" in "SetTo__Q28_GLOBAL_" is presently incorrectly parsed as a length, leading to an access 21 bytes past the end of the string. This caused a page fault under the guarded heap, a fact I had the misfortune to discover when trying to attach Debugger to a guarded-heap'd application which somehow ran the demangler under the guarded heap also, and that symbol above was in runtime_loader, so it crashed while loading its symbols.

So now we do what the GCC3+ demangler does here, and keep track of the input buffer through the use of a state class, which will prevent us from incrementing past the buffer's end.

I've tested this patch using the new haikuc++filt utility against libtracker (indeed, it took multiple rounds of testing to get the diff to be 0 bytes) and it seems to work exactly as before, though now without out-of-bounds accesses.

As this demangler is also used in the kernel, it's possible that some triple-faults on x86_gcc2[h] are caused by this bug (although that would be rare; one of the incorrectly-parsed symbols would have to be in the stack trace, and then it would have to read past the end of the buffer containing the symbol.)

Change-Id: I343991cebd7d2887812c8c6b3dc2e0df2fcd79fa
Reviewed-on: https://review.haiku-os.org/579
Reviewed-by: waddlesplash <waddlesplash@gmail.com>
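The bounded-input approach the commit above describes, written out as an added example in C; this is not Haiku's demangler code. A small cursor struct is the only way to read the symbol, so a length prefix is checked against the bytes actually remaining before anything is read, and a skip larger than what is left stops at the end (the behaviour the 3e4c3423 commit also asks for). The `Input` struct, `parse_length_prefixed`, `parse_qualified_name` and the two wrappers are assumptions made for this example; only the single-digit `Q<count>` form of gcc2 qualified names is modelled, and the sample symbols are constructed (the second is the one quoted in the commit message).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded cursor over a mangled symbol (constructed example, not Haiku's code).
   Every read goes through it, so the position can never move past the end. */
typedef struct {
    const char* data;
    size_t      length;    /* strlen(data); the NUL itself is never consumed */
    size_t      position;
} Input;

static void input_init(Input* in, const char* symbol)
{
    in->data = symbol;
    in->length = strlen(symbol);
    in->position = 0;
}

static size_t input_remaining(const Input* in)
{
    return in->length - in->position;
}

/* Returns '\0' at the end instead of reading beyond it. */
static char input_peek(const Input* in)
{
    return input_remaining(in) > 0 ? in->data[in->position] : '\0';
}

/* A skip larger than what is left stops at the end, never beyond it. */
static void input_skip(Input* in, size_t count)
{
    size_t remaining = input_remaining(in);
    in->position += count < remaining ? count : remaining;
}

/* Parse one gcc2 length-prefixed identifier, e.g. "5Hello" -> "Hello".
   Fails when there is no digit, when the value could never fit the buffer
   (which also rules out size_t overflow), or when the claimed length
   exceeds the bytes actually left after the digits. */
static bool parse_length_prefixed(Input* in, const char** name, size_t* nameLength)
{
    size_t length = 0;
    bool haveDigit = false;
    while (input_peek(in) >= '0' && input_peek(in) <= '9') {
        /* With length <= in->length / 10, length * 10 + 9 <= in->length + 9. */
        if (length > in->length / 10)
            return false;
        length = length * 10 + (size_t)(input_peek(in) - '0');
        haveDigit = true;
        input_skip(in, 1);
    }
    if (!haveDigit || length > input_remaining(in))
        return false;
    *name = in->data + in->position;
    *nameLength = length;
    input_skip(in, length);
    return true;
}

/* Parse "Q<count><name>..." with a single-digit count (assumption: only this
   short form is modelled). Fills parts[]/partLengths[] with up to maxParts
   entries and returns the number parsed, or -1 for a malformed or truncated
   symbol; a missing component stops the parse instead of walking past the end. */
static int parse_qualified_name(Input* in, const char** parts, size_t* partLengths,
    size_t maxParts)
{
    if (input_peek(in) != 'Q')
        return -1;
    input_skip(in, 1);
    char countChar = input_peek(in);
    if (countChar < '1' || countChar > '9')
        return -1;
    size_t count = (size_t)(countChar - '0');
    if (count > maxParts)
        return -1;
    input_skip(in, 1);
    for (size_t i = 0; i < count; i++) {
        if (!parse_length_prefixed(in, &parts[i], &partLengths[i]))
            return -1;
    }
    return (int)count;
}

/* Number of components of the "__Q" qualified class name in a gcc2 method
   symbol, or -1 if it cannot be parsed safely. */
int qualified_part_count(const char* symbol)
{
    const char* separator = strstr(symbol, "__Q");
    if (separator == NULL)
        return -1;
    Input in;
    input_init(&in, symbol);
    input_skip(&in, (size_t)(separator - symbol) + 2);   /* land on the 'Q' */
    const char* parts[9];
    size_t partLengths[9];
    return parse_qualified_name(&in, parts, partLengths, 9);
}

/* Length of the first length-prefixed name in text, 0 when it is rejected. */
size_t first_name_length(const char* text)
{
    Input in;
    input_init(&in, text);
    const char* name;
    size_t length;
    return parse_length_prefixed(&in, &name, &length) ? length : 0;
}

int main(void)
{
    /* Constructed samples; the second is the symbol from the commit message. */
    printf("%d\n", qualified_part_count("SetTo__Q28_GLOBAL_3Foo"));   /* 2 */
    printf("%d\n", qualified_part_count("SetTo__Q28_GLOBAL_"));       /* -1 */
    printf("%zu\n", first_name_length("28_GLOBAL_"));                  /* 0 */
    return 0;
}
```

The truncated symbol from the commit message parses its first component ("_GLOBAL_") and then fails cleanly on the missing second one; a prefix such as "28" in a ten-byte string is refused before any byte of the name is read.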
23a1bcf2 | 04-Apr-2015 | Michael Lotz <mmlr@mlotz.ch>

gcc2 demangler: Fix skip of string termination.

The inner loop to skip the function declaration stops at the terminating null but didn't break out of the loop in that case, causing the outer loop increment to skip the terminator and read beyond the string end. Well-formatted symbols do not trigger this, but there sometimes are false positives that would cause it to happen. It was seen in Debugger that reuses this code.
4535495d | 10-Jan-2011 | Ingo Weinhold <ingo_weinhold@gmx.de>

Merged the signals branch into trunk, with these changes:
* The team and thread kernel structures have been renamed to Team and Thread respectively and moved into the new BKernel namespace.
* Several (kernel add-on) sources have been converted from C to C++ since private kernel headers are included that are no longer C compatible.
Changes after merging:
* Fixed gcc 2 build (warnings mainly in the scary firewire bus manager).

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@40196 a95241bf-73f2-0310-859d-f6bbb57e9c96
877d64ee | 29-Jul-2009 | Axel Dörfler <axeld@pinc-software.de>

* The gcc2 demangler didn't like functions without any arguments.
* first_argument() never returns NULL, so we don't have to check for it.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@31899 a95241bf-73f2-0310-859d-f6bbb57e9c96
7927ebb6 | 03-Jun-2009 | Ingo Weinhold <ingo_weinhold@gmx.de>

Moved the appending of '*'/'&' for pointer/reference parameters to the gcc 2 demangler, where it belongs. The gcc 4 stack traces look correct now.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@30955 a95241bf-73f2-0310-859d-f6bbb57e9c96
15394881 | 03-Jun-2009 | Ingo Weinhold <ingo_weinhold@gmx.de>

* Implemented demangling support for the current gcc ABI. Looks good so far save for the additional '&'/'*' print_demangled_call() is printing for reference/pointer arguments.
* Moved the new demangler and the gcc 2 demangler into the same module always supporting both (the right one is chosen). In mixed gcc 2/gcc 4 environments we obviously need both of them.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@30954 a95241bf-73f2-0310-859d-f6bbb57e9c96
9cd2430e | 30-Oct-2008 | Axel Dörfler <axeld@pinc-software.de>

* Namespaces of argument names are now also handled properly.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28385 a95241bf-73f2-0310-859d-f6bbb57e9c96
61791eda | 30-Oct-2008 | Axel Dörfler <axeld@pinc-software.de>

* count_namespaces() did not work correctly when there were more than one but less than 10 namespaces.
* 'const' object methods are now properly handled.
* Template classes are now ignored as well.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28383 a95241bf-73f2-0310-859d-f6bbb57e9c96
b643734a | 30-Oct-2008 | Axel Dörfler <axeld@pinc-software.de>

* Now handles function pointers as arguments correctly.
* Added optional tracing output.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28377 a95241bf-73f2-0310-859d-f6bbb57e9c96
0d567357 | 13-Oct-2008 | Axel Dörfler <axeld@pinc-software.de>

* Symbols with templates are completely ignored for now (i.e. they won't confuse the demangler anymore).
* Functions with leading "__" won't confuse the demangler anymore either.
* Added a maximum argument count of 32 to reduce the risk of endless loops.
* Added protection against recursively calling get_next_argument_internal() more than once.
* Added detection for floats and doubles (long doubles will currently make it reject the symbol).

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28032 a95241bf-73f2-0310-859d-f6bbb57e9c96
ddecb4a7 | 12-Oct-2008 | Axel Dörfler <axeld@pinc-software.de>

* Changed the way the demangle functionality works: instead of having a kernel debugger add-on set a demangle hook, all modules under debugger/demangle/ are now considered demangle modules.
* Added another function to the demangle module interface that gives you access to the arguments.
* Implemented a demangling module for GCC2.
* The older demangling module is now called "gcc3+", but doesn't support getting the arguments yet.
* The "call" KDL command is now using demangling to automatically show you the arguments of a call from a stack crawl.
* Minor cleanup.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28018 a95241bf-73f2-0310-859d-f6bbb57e9c96