Bug 393062 - Reading build-id ELF note through phdrs triggers "debuginfo reader: ensure_valid failed"
Summary: Reading build-id ELF note through phdrs triggers "debuginfo reader: ensure_v...
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal (vote)
Target Milestone: ---
Assignee: Julian Seward
URL: https://bugzilla.redhat.com/show_bug....
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-12 19:49 UTC by Mark Wielaard
Modified: 2018-04-16 14:56 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Wielaard 2018-04-12 19:49:32 UTC
Reported against the Fedora valgrind package.

valgrind /usr/bin/Xvfb :10
==7018== Memcheck, a memory error detector
==7018== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==7018== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==7018== Command: ./build/hw/vfb/Xvfb :10
==7018== 
==7018== Valgrind: debuginfo reader: ensure_valid failed:
==7018== Valgrind:   during call to ML_(img_get)
==7018== Valgrind:   request for range [460632, +12) exceeds
==7018== Valgrind:   valid image size of 333064 for image:
==7018== Valgrind:   "/usr/lib/debug/.build-id/3e/30f2307639da3a66b4c72c310049c659461253.debug"
==7018== 
==7018== Valgrind: debuginfo reader: Possibly corrupted debuginfo file.
==7018== Valgrind: I can't recover.  Giving up.  Sorry.
==7018== 

The issue is triggered when trying to read the build-id from a .debug file through the phdrs. The phdrs in a .debug file might not be valid (they are a copy of the main ELF file) and so even if a build-id is found it might be invalid (but we might not know). We really shouldn't even try.

This patch fixes the issue:

diff --git a/coregrind/m_debuginfo/readelf.c b/coregrind/m_debuginfo/readelf.c
index 70c28e629..8bd3e049c 100644
--- a/coregrind/m_debuginfo/readelf.c
+++ b/coregrind/m_debuginfo/readelf.c
@@ -1137,7 +1137,11 @@ HChar* find_buildid(DiImage* img, Bool rel_ok, Bool
search_shdrs)

       ElfXX_Ehdr ehdr;
       ML_(img_get)(&ehdr, img, 0, sizeof(ehdr));
-      for (i = 0; i < ehdr.e_phnum; i++) {
+      /* Skip the phdrs when we have to search the shdrs. In separate
+         .debug files the phdrs might not be valid (they are a copy of
+         the main ELF file) and might trigger assertions when getting
+        image notes based on them. */
+      for (i = 0; !search_shdrs && i < ehdr.e_phnum; i++) {
          ElfXX_Phdr phdr;
          ML_(img_get)(&phdr, img,
                       ehdr.e_phoff + i * ehdr.e_phentsize, sizeof(phdr));
Comment 1 Mark Wielaard 2018-04-16 14:56:56 UTC
commit f1f543a224eec5afd8cfddea70c1307ed0a20c55
Author: Mark Wielaard <mark@klomp.org>
Date:   Mon Apr 16 16:53:56 2018 +0200

    Don't read build-id ELF Note in .debug file through phdrs.
    
    Bug #393062 - Reading build-id ELF note through phdrs triggers
                  "debuginfo reader: ensure_valid failed"
    
    Skip the phdrs when we have to search the shdrs. In separate
    .debug files the phdrs might not be valid (they are a copy of
    the main ELF file) and might trigger assertions when getting
    image notes based on them.