[libunwind] Fix UB in EHHeaderParser::findFDE

When the EHHeaderInfo object filled by decodeEHHdr has fde_count == 0, findFDE does the following: - sets low = 0 and len = hdrInfo.fde_count as a preparation to start a binary search - because len is 0, the binary search loop is skipped - the code still tries to find a table entry at hdrInfo.table + low * tableEntrySize, and decode it. This is wrong when fde_count is 0, and trying to decode a table entry that isn't there will lead to reading garbage offsets and can cause segfaults. Differential Revision: https://reviews.llvm.org/D77679
author: Jorge Gorbe Moya <jgorbe@google.com> 2020-04-07 14:44:42 -0700
committer: Jorge Gorbe Moya <jgorbe@google.com> 2020-04-07 14:44:42 -0700
commit: 82576d6fecfec71725eb900111c000d772002449 (patch)
tree: 185482dd30c757f65a33292826beb41c7eab9477
parent: dbe86786f7f19c3f1338437f4275797e08501efd (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/libunwind/src/EHHeaderParser.hpp b/libunwind/src/EHHeaderParser.hpp
index 0101835b8e63..f97cca54825f 100644
--- a/libunwind/src/EHHeaderParser.hpp
+++ b/libunwind/src/EHHeaderParser.hpp
@@ -109,6 +109,8 @@ bool EHHeaderParser<A>::findFDE(A &addressSpace, pint_t pc, pint_t ehHdrStart,
                                       hdrInfo))
     return false;
 
+  if (hdrInfo.fde_count == 0) return false;
+
   size_t tableEntrySize = getTableEntrySize(hdrInfo.table_enc);
   pint_t tableEntry;
author	Jorge Gorbe Moya <jgorbe@google.com>	2020-04-07 14:44:42 -0700
committer	Jorge Gorbe Moya <jgorbe@google.com>	2020-04-07 14:44:42 -0700
commit	82576d6fecfec71725eb900111c000d772002449 (patch)
tree	185482dd30c757f65a33292826beb41c7eab9477
parent	dbe86786f7f19c3f1338437f4275797e08501efd (diff)