This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] nptl_db: Check TA in td_ta_map_lwp2thr()

From: "Maciej W. Rozycki" <macro at codesourcery dot com>
To: libc-alpha at sourceware dot org
Cc: "Maciej W. Rozycki" <macro at linux-mips dot org>
Date: Sat, 22 Aug 2009 00:56:45 +0100 (BST)
Subject: [PATCH] nptl_db: Check TA in td_ta_map_lwp2thr()

Hello,

 While debugging a problem with gdbserver, it has come to my attention 
that, while the caller shouldn't be deliberately passing an invalid thread 
agent (TA) specifier to td_ta_map_lwp2thr(), this function should still 
handle this case gracefully.  The thread_db library this function belongs 
to reserves the TD_BADTA error code for such a case and uses it with other 
functions accordingly.

 Now __td_ta_lookup_th_unique(), a helper function for td_ta_map_lwp2thr() 
does validate the TA, but in the case of a NULL pointer it is not reached 
as td_ta_map_lwp2thr() crashes while evaluating the following statement:

  td_err_e err = DB_GET_SYMBOL (list, ta, __stack_user);

which is executed before the helper is reached.

 The patch below fixes the problem for me.  Note that the check cannot be 
simply relocated here from __td_ta_lookup_th_unique(), because the helper 
is referred to from elsewhere too (alternatively, the check might be 
relocated to the other calling place -- please let me know if that would 
be preferable; there's a small performance hit from doing the check twice, 
but that does not affect code correctness).

 This also brings up a conclusion this:

  LOG ("td_ta_map_lwp2thr");

statement is misplaced (the helper can be reached from elsewhere or, if 
actually called from td_ta_map_lwp2thr(), it may not be reached at all), 
but this is a separate problem, not related to this issue.

2009-08-21  Maciej W. Rozycki  <macro@codesourcery.com>

	* nptl_db/td_ta_map_lwp2thr.c (td_ta_map_lwp2thr): Validate the 
	thread agent specifier passed.

 Regression-tested successfully, please apply.

  Maciej

glibc-2.10.90-20090820-nptl_db-badta.patch
diff --git a/nptl_db/td_ta_map_lwp2thr.c b/nptl_db/td_ta_map_lwp2thr.c
index 78cfcab..21626ac 100644
--- a/nptl_db/td_ta_map_lwp2thr.c
+++ b/nptl_db/td_ta_map_lwp2thr.c
@@ -181,6 +181,10 @@ td_ta_map_lwp2thr (const td_thragent_t *ta_arg,
 {
   td_thragent_t *const ta = (td_thragent_t *) ta_arg;
 
+  /* Test whether the TA parameter is ok.  */
+  if (! ta_ok (ta))
+    return TD_BADTA;
+
   /* We cannot rely on thread registers and such information at all
      before __pthread_initialize_minimal has gotten far enough.  They
      sometimes contain garbage that would confuse us, left by the kernel

Follow-Ups:
- Re: [PATCH] nptl_db: Check TA in td_ta_map_lwp2thr()
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]