Hi Aleksei,
On Wed, Jan 25, 2023 at 04:05:30PM +0000, Aleksei Vetrov via Elfutils-devel
wrote:
> From: Aleksei Vetrov <vvv...@google.com>
>
> __libdw_get_uleb128 and __libdw_get_sleb128 should check if addrp has
> already reached the end before unrolling the first step. It is done by
> moving __libdw_max_len to the beginning of the function, which already
> has all the checks.
I understand why you might want to add these extra safeguards. But
when the bounds checking and unrolling for get_uleb128/get_sleb128 was
introduced the idea was that they should only be called with addrp <
endp. Precisely so at least one byte could be read without needing to
bounds check.
See the following commits:
commit 7a053473c7bedd22e3db39c444a4cd8f97eace25
Author: Mark Wielaard <m...@redhat.com>
Date: Sun Dec 14 21:48:23 2014 +0100
libdw: Add get_uleb128 and get_sleb128 bounds checking.
Both get_uleb128 and get_sleb128 now take an end pointer to prevent
reading too much data. Adjust all callers to provide the end pointer.
There are still two exceptions. "Raw" dwarf_getabbrevattr and
read_encoded_valued don't have a end pointer associated yet.
They will have to be provided in the future.
Signed-off-by: Mark Wielaard <m...@redhat.com>
commit 54662f13d14d59d44943543c48bdb21d50dd008d
Author: Josh Stone <jist...@redhat.com>
Date: Mon Dec 15 12:18:25 2014 -0800
libdw: pre-compute leb128 loop limits
Signed-off-by: Josh Stone <jist...@redhat.com>
commit 1b5477ddf360af0f6262c6f15a590448b4e1a65a
Author: Mark Wielaard <m...@redhat.com>
Date: Tue Dec 16 10:53:22 2014 +0100
libdw: Unroll the first get_sleb128 step to help the compiler optimize.
The common case is a single-byte. So no extra (max len) calculation is
necessary then.
Signed-off-by: Mark Wielaard <m...@redhat.com>
Now this was 8 years ago and might have been too optimistic. Maybe we
missed some checks? Did you actually find situations where these
functions were called with addrp >= endp?
It turns out that get_[su]leb128 dominates some operations and really
does have to be as fast as possible. So I do like to know what the
impact is of this change.
Thanks,
Mark
