fix: bound DWARF .eh_frame_hdr parsing to the section #571
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c6e3fc8393
| if (fde < _section_start || fde >= _section_end) { | ||
| continue; |
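Review bot: the range `_section_start.._section_end` that this check uses is the .eh_frame_hdr section named in the PR title, but `fde` is the address a search-table entry resolves to, which on a normal ELF lands in the adjacent .eh_frame section, so every valid entry fails the test and is dropped by `continue`. Bound `fde` against the .eh_frame section (or the module's mapped range) instead, keep the .eh_frame_hdr bound for the table reads themselves, and also check that the FDE's length field fits inside that range before dereferencing the record.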
Stop bounding FDE addresses to .eh_frame_hdr
For normal Linux ELFs, the PT_GNU_EH_FRAME segment size passed from symbols_linux.cpp covers only .eh_frame_hdr, while the table entries resolve to FDE records in the adjacent .eh_frame section. With this check, valid FDE offsets that are outside the header are skipped, so the parser builds an empty DWARF table and loses per-PC unwind/default-frame detection for regular shared libraries and executables.
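As an added illustration of the layout the comment above describes (not code from this PR or the project): a parser that bounds its reads of the search table to the .eh_frame_hdr section while bounding the FDE records those entries resolve to against the .eh_frame section, run over a constructed two-section image. The `module` buffer, its offsets, and the fixed `DW_EH_PE_datarel|DW_EH_PE_sdata4` encoding are constructed for the example; the project's `_section_start`/`_section_end` are not used.

```c
#include <stdint.h>
#include <string.h>
/* Constructed module image (not the project's layout): .eh_frame_hdr at offset 0, .eh_frame at 0x40.
 * Table encoding is the common DW_EH_PE_datarel|DW_EH_PE_sdata4 (0x3b): offsets from the header start. */
static uint8_t module[0x80];
static uint32_t get32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void put32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

static void build_image(void) {
    memset(module, 0, sizeof module);
    module[0] = 1; module[1] = 0x3b; module[2] = 0x03; module[3] = 0x3b; /* version, eh_frame_ptr_enc, fde_count_enc, table_enc */
    put32(module + 4, 0x40);                              /* eh_frame_ptr: .eh_frame begins at header + 0x40 */
    put32(module + 8, 3);                                 /* fde_count */
    put32(module + 12, 0x1000); put32(module + 16, 0x48); /* entry 0: FDE fully inside .eh_frame */
    put32(module + 20, 0x2000); put32(module + 24, 0x20); /* entry 1: points back into .eh_frame_hdr */
    put32(module + 28, 0x3000); put32(module + 32, 0x78); /* entry 2: FDE whose length overruns .eh_frame */
    put32(module + 0x40, 4);                              /* CIE record, length 4 */
    put32(module + 0x48, 0x10);                           /* FDE record, length 0x10, ends at 0x5c */
    put32(module + 0x78, 0x20);                           /* FDE record, length 0x20, would end at 0x9c > 0x80 */
}
/* Walk the search table without reading past hdr_len, and keep only entries whose FDE record lies
 * wholly inside [eh_frame, eh_frame + eh_len). Returns the number of accepted entries written to
 * out_pc (raw datarel initial-location offsets) and out_fde. */
size_t parse_eh_frame_hdr(const uint8_t *hdr, size_t hdr_len, const uint8_t *eh_frame, size_t eh_len,
                          int32_t *out_pc, const uint8_t **out_fde, size_t max) {
    if (hdr_len < 12 || hdr[0] != 1 || hdr[1] != 0x3b || hdr[2] != 0x03 || hdr[3] != 0x3b)
        return 0;                                         /* unsupported encoding: refuse rather than guess */
    size_t count = get32(hdr + 8), n = 0;
    if (count > (hdr_len - 12) / 8) count = (hdr_len - 12) / 8; /* fde_count larger than the section allows */
    uintptr_t lo = (uintptr_t)eh_frame, hi = lo + eh_len;
    for (size_t i = 0; i < count && n < max; i++) {
        const uint8_t *e = hdr + 12 + i * 8;
        int32_t off = (int32_t)get32(e + 4);
        uintptr_t fde = (uintptr_t)hdr + (uintptr_t)(intptr_t)off; /* datarel: relative to the header, may be negative */
        if (fde < lo || fde > hi || hi - fde < 4) continue;        /* FDE pointer is not inside .eh_frame */
        uint32_t len = get32((const uint8_t *)fde);
        if (len == 0 || len == 0xffffffffu || len > hi - (fde + 4)) continue; /* terminator, 64-bit DWARF, or overrun */
        out_pc[n] = (int32_t)get32(e); out_fde[n] = (const uint8_t *)fde; n++;
    }
    return n;
}

/* Runs the parser over the constructed image; returns the number of accepted entries (1 of 3). */
size_t demo(const uint8_t **fde_out, size_t max) {
    int32_t pc[8];
    build_image();
    return parse_eh_frame_hdr(module, 0x24, module + 0x40, 0x40, pc, fde_out, max);
}
```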
What does this PR do?:
Fix bound checking on an untrusted section size, avoid infinite loops, and fix a small fuzz-harness-only memory leak.
Motivation:
Make the dwarf parser more reliable.
Additional Notes:
How to test the change?: