Fix handling of possible bad gnu_debugdata_size.
Rather than use a std::vector for backing memory, allocate the memory
using a new with nothrow, and in MemoryBuffer use realloc. Since
the size field is coming from the elf, it could be corrupted or
intentionally crafted to cause problems.
In addition, add some other protections to make sure that overflows
don't occur.
Bug: 146215949
Test: Ran unit tests with jemalloc and scudo to verify that they
Test: both behave the same way.
Change-Id: If14243ce382ba5403a6bacd0ec673452c6b7c3be
diff --git a/libunwindstack/Memory.cpp b/libunwindstack/Memory.cpp
index a66cd5b..8de3d98 100644
--- a/libunwindstack/Memory.cpp
+++ b/libunwindstack/Memory.cpp
@@ -206,12 +206,12 @@
}
size_t MemoryBuffer::Read(uint64_t addr, void* dst, size_t size) {
- if (addr >= raw_.size()) {
+ if (addr >= size_) {
return 0;
}
- size_t bytes_left = raw_.size() - static_cast<size_t>(addr);
- const unsigned char* actual_base = static_cast<const unsigned char*>(raw_.data()) + addr;
+ size_t bytes_left = size_ - static_cast<size_t>(addr);
+ const unsigned char* actual_base = static_cast<const unsigned char*>(raw_) + addr;
size_t actual_len = std::min(bytes_left, size);
memcpy(dst, actual_base, actual_len);
@@ -219,7 +219,7 @@
}
uint8_t* MemoryBuffer::GetPtr(size_t offset) {
- if (offset < raw_.size()) {
+ if (offset < size_) {
return &raw_[offset];
}
return nullptr;