Skip to content

Commit

Permalink
fix: Read section names safely (#641)
Browse files Browse the repository at this point in the history
Avoids a potential segfault reading the section names, and also falls back when `vm_readv` lacks permissions.
  • Loading branch information
Swatinem authored Jan 11, 2022
1 parent 9b88510 commit 3e4d3a4
Showing 1 changed file with 16 additions and 13 deletions.
29 changes: 16 additions & 13 deletions src/modulefinder/sentry_modulefinder_linux.c
Original file line number Diff line number Diff line change
Expand Up @@ -87,14 +87,17 @@ read_safely(void *dst, void *src, size_t size)
ssize_t nread = process_vm_readv(pid, local, 1, remote, 1, 0);
bool rv = nread == (ssize_t)size;

// The syscall is only available in Linux 3.2, meaning Android 17.
// If that is the case, just fall back to an unsafe memcpy.
#if defined(__ANDROID_API__) && __ANDROID_API__ < 17
if (!rv && errno == EINVAL) {
// The syscall can fail with `EPERM` if we lack permissions for this syscall
// (which is the case when running in Docker for example,
// See https://github.com/getsentry/sentry-native/issues/578).
// Also, the syscall is only available in Linux 3.2, meaning Android 17.
// In that case we get an `EINVAL`.
//
// In either of these cases, just fall back to an unsafe `memcpy`.
if (!rv && (errno == EPERM || errno == EINVAL)) {
memcpy(dst, src, size);
rv = true;
}
#endif
return rv;
}

Expand Down Expand Up @@ -315,15 +318,15 @@ get_code_id_from_text_fallback(const sentry_module_t *module)
elf.e_shoff + elf.e_shentsize * elf.e_shstrndx,
sizeof(Elf64_Shdr)));

const char *names = sentry__module_get_addr(
module, strheader.sh_offset, strheader.sh_entsize);
ENSURE(names);
for (int i = 0; i < elf.e_shnum; i++) {
Elf64_Shdr header;
ENSURE(sentry__module_read_safely(&header, module,
elf.e_shoff + elf.e_shentsize * i, sizeof(Elf64_Shdr)));

const char *name = names + header.sh_name;
char name[6];
ENSURE(sentry__module_read_safely(name, module,
strheader.sh_offset + header.sh_name, sizeof(name)));
name[5] = '\0';
if (header.sh_type == SHT_PROGBITS && strcmp(name, ".text") == 0) {
text = sentry__module_get_addr(
module, header.sh_offset, header.sh_size);
Expand All @@ -341,15 +344,15 @@ get_code_id_from_text_fallback(const sentry_module_t *module)
elf.e_shoff + elf.e_shentsize * elf.e_shstrndx,
sizeof(Elf32_Shdr)));

const char *names = sentry__module_get_addr(
module, strheader.sh_offset, strheader.sh_entsize);
ENSURE(names);
for (int i = 0; i < elf.e_shnum; i++) {
Elf32_Shdr header;
ENSURE(sentry__module_read_safely(&header, module,
elf.e_shoff + elf.e_shentsize * i, sizeof(Elf32_Shdr)));

const char *name = names + header.sh_name;
char name[6];
ENSURE(sentry__module_read_safely(name, module,
strheader.sh_offset + header.sh_name, sizeof(name)));
name[5] = '\0';
if (header.sh_type == SHT_PROGBITS && strcmp(name, ".text") == 0) {
text = sentry__module_get_addr(
module, header.sh_offset, header.sh_size);
Expand Down

0 comments on commit 3e4d3a4

Please sign in to comment.