Boost logo

Boost :

Subject: Re: [boost] [stacktrace] Partial review
From: Florian Weimer (fw_at_[hidden])
Date: 2017-03-27 11:19:34

* Antony Polukhin:

>> addr2line_pipe uses execvp, which could lead to evaluation of the PATH
>> variable from programs which underwent an AT_SECURE transition (e.g.,
>> SUID programs), which could lead to privilege escalation issues.
> I'm providing an absolute path to the executable, so there must be no
> PATH evaluation. Am I missing something?

I'm talking about this:

        char prog_name[] = "addr2line";

As far as I can see, this is not just used as the argv[0] argument,
but also as the program to execute.

>> With inlining, a single stack frame can expand to a list of source
>> locations (reflecting the inlineed call stack). The current design
>> does not take that into account.
> I've found no system API to get multiple locations. So the Stacktrace
> API is designed to have at most 1 location.

addr2line can optionally resolve inlining information. The additional
frames come from the DWARF data.

Boost list run by bdawes at, gregod at, cpdaniel at, john at