DeathHandler

Segmentation fault in Debug::addr2line

Open mmurrian opened this issue 1 year ago • 0 comments

strstr(line, "\n") returns NULL if a newline is not found. Dereferencing without a NULL check causes a segmentation fault.

https://github.com/vmarkovtsev/DeathHandler/blob/911e4df429a89309b10111d76d232d4a7c2b5485/death_handler.cc#L438
https://github.com/vmarkovtsev/DeathHandler/blob/911e4df429a89309b10111d76d232d4a7c2b5485/death_handler.cc#L440

A bug in addr2line causes it to produce outputs such as the following for actually valid binaries:

addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530ea0)\n

And for whatever reason, line will occasionally be read only partially through the pipe, e.g.:

addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x

I do not know whether the partial read is specifically related to this error or if it also happens with valid addr2line output. Either way, the partial read causes line not to have a trailing newline. Therefore, strstr returns NULL and the dereference of NULL + 1 causes a segmentation fault.

mmurrian, Jul 19 '22 17:07
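The two failure modes in the report are a short read from the pipe (so the buffer ends mid-line) and an unchecked strstr() result. The example below is added here and is not DeathHandler code; read_line, read_fn, chunked_src, chunked_read, fd_read and after_first_newline are names chosen for the illustration, and the chunked in-memory source is a constructed stand-in for a pipe that delivers data in pieces. It keeps calling the reader until a newline or EOF is seen, reports a partial line instead of assuming one, and replaces the strstr(line, "\n") + 1 pattern with a NULL-checked lookup.

```c
/* Added example, not DeathHandler code: tolerate partial pipe reads and
 * never index past a NULL strstr()/strchr() result. */
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

/* Reader abstraction so a short read can be simulated deterministically. */
typedef ssize_t (*read_fn)(void *ctx, char *dst, size_t n);

/* Constructed in-memory source: hands out at most `chunk` bytes per call,
 * mimicking a pipe that returns a line in several pieces. */
struct chunked_src {
    const char *data;
    size_t len, pos, chunk;
};

static ssize_t chunked_read(void *ctx, char *dst, size_t n) {
    struct chunked_src *s = ctx;
    size_t left = s->len - s->pos;
    size_t take = left < s->chunk ? left : s->chunk;
    if (take > n) take = n;
    memcpy(dst, s->data + s->pos, take);
    s->pos += take;
    return (ssize_t)take;            /* 0 means EOF */
}

/* Real file-descriptor source (e.g. the read end of a popen()/pipe()),
 * retrying on EINTR, which a signal handler context can easily trigger. */
static ssize_t fd_read(void *ctx, char *dst, size_t n) {
    int fd = *(int *)ctx;
    for (;;) {
        ssize_t r = read(fd, dst, n);
        if (r < 0 && errno == EINTR) continue;
        return r;
    }
}

/* Read one line into buf (always NUL-terminated). Returns
 *  1  a complete line was read; the newline has been stripped
 *  0  EOF or buffer exhausted before a newline; buf holds the partial text
 * -1  read error */
static int read_line(read_fn rd, void *ctx, char *buf, size_t cap) {
    size_t used = 0;
    buf[0] = '\0';
    while (used + 1 < cap) {
        ssize_t r = rd(ctx, buf + used, cap - used - 1);
        if (r < 0) return -1;
        if (r == 0) break;             /* EOF without a trailing newline */
        char *nl = memchr(buf + used, '\n', (size_t)r);  /* scan only new bytes */
        used += (size_t)r;
        buf[used] = '\0';
        if (nl) {                      /* complete line: cut at the newline */
            *nl = '\0';
            return 1;
        }
    }
    return 0;
}

/* Safe replacement for `strstr(line, "\n") + 1`: the text after the first
 * newline, or NULL when the line is incomplete (no newline present). */
static const char *after_first_newline(const char *line) {
    const char *nl = strchr(line, '\n');
    return nl ? nl + 1 : NULL;
}
```

A caller that gets 0 from read_line has a partial or final line and should treat it as such (retry, report, or fall back to a "??:0"-style placeholder) rather than parse it as complete; a caller of after_first_newline must check for NULL before using the result.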