From patchwork Mon Sep 9 11:39:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 1982551 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=hxfhIyFB; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4X2Pxs6Tkwz1y1S for ; Mon, 9 Sep 2024 21:39:29 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 144EC3858D20 for ; Mon, 9 Sep 2024 11:39:28 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 5687C3858D20 for ; Mon, 9 Sep 2024 11:39:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5687C3858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5687C3858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1725881953; cv=none; b=MSVGMuaL4xC5v84zvsXwhyfkAzeP/zOzecihKMr6DNLa+xKgdvY02jQNSE/eWO8lv6T2EEVIzT/+upWX1H3ZWoGTn8T9BKsURh3bxfGEHEIfLUgg2LYATBUnmnlAoOPplUquPp/ekDRC1n9rAxjHimvE47X8SpxurSvEvLEu9TE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1725881953; c=relaxed/simple; bh=4ssjfO028u3qtS0WDeH3aFVHMIMwS25ycVyTHDO9Zoo=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=rWZejL54sXYG+KyAEqZoYcmK9fiLvMt10RBOUgAAXLh1OsKK13D6hesct6mmUj9pCu6I/QuMnAZEjrRf17X6l1ctT0j+2cTbQWQLWDcMTIdTm5TAvAObnsybNf/YGDonCZN7/VUXv5ZD7GnnvYtev9qyYJmqBpbgnXOUD1IDkiA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1725881952; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+cvmehh+7Zq2dXNvyBHTgIBoMOwyRGFGwQRhf0gVy2g=; b=hxfhIyFBIMdDfgV728u8mwBNnN772tvHksWnvqtMSIantgEZ/S1hIQLxVtYztp+iJ4AF8I jfzE2fVx9hQTCQVFyFkHh/X1o3JGpPADRqaJrJI68g2Mq6gIWZIg4WPGhq3QJJ4fTcBbRY 6X7tXxj92rxtD+c1VAtolL1jeu6f+CM= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-468-LNGrRFNVPUmgiapVEehXKg-1; Mon, 09 Sep 2024 07:39:09 -0400 X-MC-Unique: LNGrRFNVPUmgiapVEehXKg-1 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 1A3D81955F79; Mon, 9 Sep 2024 11:39:08 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.2.16.4]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B2CDE1956053; Mon, 9 Sep 2024 11:39:06 +0000 (UTC) From: Florian Weimer To: libc-alpha@sourceware.org Cc: Andreas Schwab Subject: [PATCH v2] debug: Fix read error handling in pcprofiledump Date: Mon, 09 Sep 2024 13:39:03 +0200 Message-ID: <87jzflnjjc.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-10.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org The reading loops did not check for read failures. Addresses a static analysis report. Manually tested by compiling a program with the GCC's -finstrument-functions option, running it with “LD_PRELOAD=debug/libpcprofile.so PCPROFILE_OUTPUT=output-file”, and reviewing the output of “debug/pcprofiledump output-file”. --- v2: Consolidate error message selection in read_exactly. This addresses Andreas' reviewer comment that error messages should only be translated upon demand. debug/pcprofiledump.c | 81 ++++++++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 36 deletions(-) base-commit: 43669fcf7315f494bbbc2c040cedeb0fa8416a5f diff --git a/debug/pcprofiledump.c b/debug/pcprofiledump.c index 049a9c2744..10a66bde67 100644 --- a/debug/pcprofiledump.c +++ b/debug/pcprofiledump.c @@ -75,6 +75,40 @@ static struct argp argp = options, parse_opt, args_doc, doc, NULL, more_help }; +/* Try to read SIZE bytes from FD and store them on BUF. Terminate + the processes with ERROR_MESSAGE upon read error. Also terminate + the process if less than SIZE bytes are remaining in the file. If + !IN_HEADER, do not terminate the process if the end of the file is + encountered immediately. + + Returns true if SIZE bytes have been read, and false if no bytes + have been read due to an end-of-file condition. */ +static bool +read_exactly (int fd, void *buffer, size_t size, const char *error_message, + bool in_header) +{ + char *p = buffer; + char *end = p + size; + while (p < end) + { + ssize_t ret = TEMP_FAILURE_RETRY (read (fd, p, end - p)); + if (ret < 0) + error (EXIT_FAILURE, errno, + in_header ? _("cannot read header") + : _("cannot read pointer pair")); + if (ret == 0) + { + if (p == buffer && !in_header) + /* Nothing has been read. */ + return false; + error (EXIT_FAILURE, 0, + in_header ? _("unexpected end of file in header") + : _("unexpected end of file in pointer pair")); + } + p += ret; + } + return true; +} int main (int argc, char *argv[]) @@ -110,8 +144,7 @@ main (int argc, char *argv[]) /* Read the first 4-byte word. It contains the information about the word size and the endianness. */ uint32_t word; - if (TEMP_FAILURE_RETRY (read (fd, &word, 4)) != 4) - error (EXIT_FAILURE, errno, _("cannot read header")); + read_exactly (fd, &word, sizeof (word), _("cannot read header"), true); /* Check whether we have to swap the byte order. */ int must_swap = (word & 0x0fffffff) == bswap_32 (0xdeb00000); @@ -121,56 +154,32 @@ main (int argc, char *argv[]) /* We have two loops, one for 32 bit pointers, one for 64 bit pointers. */ if (word == 0xdeb00004) { - union - { - uint32_t ptrs[2]; - char bytes[8]; - } pair; + uint32_t ptrs[2]; while (1) { - size_t len = sizeof (pair); - size_t n; - - while (len > 0 - && (n = TEMP_FAILURE_RETRY (read (fd, &pair.bytes[8 - len], - len))) != 0) - len -= n; - - if (len != 0) - /* Nothing to read. */ + if (!read_exactly (fd, ptrs, sizeof (ptrs), + N_("cannot read pointer pair"), false)) break; printf ("this = %#010" PRIx32 ", caller = %#010" PRIx32 "\n", - must_swap ? bswap_32 (pair.ptrs[0]) : pair.ptrs[0], - must_swap ? bswap_32 (pair.ptrs[1]) : pair.ptrs[1]); + must_swap ? bswap_32 (ptrs[0]) : ptrs[0], + must_swap ? bswap_32 (ptrs[1]) : ptrs[1]); } } else if (word == 0xdeb00008) { - union - { - uint64_t ptrs[2]; - char bytes[16]; - } pair; + uint64_t ptrs[2]; while (1) { - size_t len = sizeof (pair); - size_t n; - - while (len > 0 - && (n = TEMP_FAILURE_RETRY (read (fd, &pair.bytes[8 - len], - len))) != 0) - len -= n; - - if (len != 0) - /* Nothing to read. */ + if (!read_exactly (fd, ptrs, sizeof (ptrs), + N_("cannot read pointer pair"), false)) break; printf ("this = %#018" PRIx64 ", caller = %#018" PRIx64 "\n", - must_swap ? bswap_64 (pair.ptrs[0]) : pair.ptrs[0], - must_swap ? bswap_64 (pair.ptrs[1]) : pair.ptrs[1]); + must_swap ? bswap_64 (ptrs[0]) : ptrs[0], + must_swap ? bswap_64 (ptrs[1]) : ptrs[1]); } } else