Subject: Re: [boost] [stacktrace] Partial review
From: Florian Weimer (fw_at_[hidden])
Date: 2017-03-27 11:19:34
* Antony Polukhin:
>> addr2line_pipe uses execvp, which could lead to evaluation of the PATH
>> variable from programs which underwent an AT_SECURE transition (e.g.,
>> SUID programs), which could lead to privilege escalation issues.
> I'm providing an absolute path to the executable, so there must be no
> PATH evaluation. Am I missing something?
I'm talking about this:
char prog_name = "addr2line";
As far as I can see, this is not just used as the argv argument,
but also as the program to execute.
>> With inlining, a single stack frame can expand to a list of source
>> locations (reflecting the inlineed call stack). The current design
>> does not take that into account.
> I've found no system API to get multiple locations. So the Stacktrace
> API is designed to have at most 1 location.
addr2line can optionally resolve inlining information. The additional
frames come from the DWARF data.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk