
David's DWARF Work in Progress

2022-09-15

Libdwarf now supports a new section-compression library in addition to libz: libzstd, which has faster compression. These libraries are optional, but without the one needed for a particular section it is impossible for libdwarf to read the compressed section. LLVM is currently working on implementing this compression format; according to Michael Larabel, the clang/llvm option is --compress-debug-sections=zstd.

2022-09-13

libdwarf 0.4.2 is now released. Thanks to Herman Narkaytis for suggestions in finding and dealing with leaks in dwarfdump and libdwarf. That effort is now complete, and neither fsanitize, valgrind, nor CoverityScan reports any leakage.

Some test sets that run with only N malloc calls allowed to succeed, for a wide range of N >= 0, were created for this effort.
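The allocation-budget testing described above, as an added example that is not libdwarf's own test code: hypothetical t_malloc()/t_free() wrappers let only N allocations succeed, and a constructed rec_new() stands in for the library code under test. Sweeping N reports the first budget at which an error path leaves memory live.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrappers (added example, not libdwarf code): the code
   under test calls these instead of malloc/free. */
static long budget; /* allocations still allowed to succeed */
static long live;   /* allocations made and not yet freed */
static void *t_malloc(size_t n) {
    void *p = budget > 0 ? malloc(n) : NULL; /* NULL once budget is spent */
    if (p) { budget--; live++; }
    return p;
}
static void t_free(void *p) { if (p) { live--; free(p); } }

struct rec { char *name; char *data; }; /* constructed sample record */
static void rec_free(struct rec *r) {
    if (r) { t_free(r->name); t_free(r->data); t_free(r); }
}

/* cleanup == 0 models an error path that forgets partial allocations. */
static struct rec *rec_new(const char *name, int cleanup) {
    struct rec *r = t_malloc(sizeof *r);
    if (!r) return NULL;
    r->name = t_malloc(strlen(name) + 1);
    r->data = t_malloc(40);
    if (!r->name || !r->data) {
        if (cleanup) rec_free(r);
        return NULL;
    }
    strcpy(r->name, name);
    return r;
}

/* Allow exactly n allocations, build and free a record, return leak count. */
static long leaked_with_budget(long n, int cleanup) {
    budget = n; live = 0;
    rec_free(rec_new("constructed", cleanup));
    return live;
}

/* Smallest N in [0, max] that leaves memory live, or -1 if none does. */
static long first_leaky_budget(long max, int cleanup) {
    for (long n = 0; n <= max; n++)
        if (leaked_with_budget(n, cleanup) != 0) return n;
    return -1;
}
int main(void) {
    printf("%ld %ld\n", first_leaky_budget(8, 0), first_leaky_budget(8, 1));
    return 0;
}
```

The sweep has to cover every N up to the number of allocations a successful run makes, because each value of N exercises a different error path.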

2022-09-09

Pushed the fix for a dwarfgen leak defect (via CoverityScan) today. Neither libdwarf nor dwarfdump leaks now, even when malloc fails early or...whenever. That is not an absolute guarantee, but it is what tests show. Error reporting when malloc fails is much better now in a number of small ways. Ossfuzz issue 51183 (libdwarf leakage of GNU debuglink and buildid sections) is fixed.

2022-09-08

In rare cases, dealing with reading corrupted object files or the -h command, dwarfdump could leak memory (not large amounts). And libdwarf could leak one or two 40-byte records. These issues appear to have been fixed, though testing of this is incomplete. So work is still going on, but all the usual tests pass.

2022-08-30

Added a github action building and checking libdwarf in FreeBSD. Thanks to Herman Narkaytis for helping make this happen.

2022-08-29

A tentative release date for 0.4.2 has been set: 15 September 2022.

2022-08-28

As of today, Work In Progress is a separate html page, making it a little closer to a blog :-)

Reminder: the libdwarf documentation has been entirely rewritten using doxygen as of February 2022. It has contents tables and links to tie things together, so it's much easier to read and find things than previously. See libdwarf-code/doc/libdwarf.pdf in release 0.4.1 or in the github source. An on-line html version is at www.prevanders.net/libdwarfdoc/index.html

Vulnerabilities DW202207-001 and DW202208-001 were reported and fixed. Their fuzzed (corrupted) object files could possibly crash libdwarf. A big thank you to David Korczynski and Han Zheng for reporting the vulnerabilities and providing concise test cases. (28 August 2022)

Some fixes to the test build scripts (configure, meson, cmake) enable 'make check' (or the equivalent, for all three supported build systems) to work properly in Linux, MacOS, and now MinGW64 msys2 (Windows).

Warnings reported by Windows Visual Studio C compiler and by CoverityScan have been fixed. One of the warnings even identified a bug in dwarf_tsearchhash.c, though it was not a bug that affected any libdwarf API calls. Thanks to Vincent Torri for reporting Visual Studio's warnings. (28 August 2022)

2022-06-25 Release 0.4.1

Released library version v0.4.1. Includes fix for DW202206-001, a bug in dwarf_form.c when reading a carefully corrupted object file. (25 June 2022)

2022-06-29

Thanks to several people who have provided improvements to and detailed bug reports on libdwarf/dwarfdump for release 0.4.1: Heiko Becker, Ilfak Guilfanov, klueke, MaqiGod, pedronavf, Casper Sun, and major contributor Vincent Torri.

Casper Sun reported, 26 May 2022, a previously unknown vulnerability in libdwarf that can lead to a segmentation violation reading a carefully corrupted DWARF .debug_pubnames (or .debug_pubtypes) section, and provided such a corrupted object file for testing. DW202205-001 (Fixed 29 May 2022)

2022-04-17

Now doing builds on MacOS through github. See README.md for details. (April 17, 2022)

2022-03-04 Release 0.4.0

The latest release is 0.4.0, released 2022-04-12. dwarf_xu_header_free() renamed to dwarf_dealloc_xu_header(). dwarf_gdbindex_free() renamed to dwarf_dealloc_gdbindex(). dwarf_loc_head_c_dealloc() renamed to dwarf_dealloc_loc_head_c(). The unused Dwarf_Error argument to dwarf_return_empty_pubnames() has been removed. This completes the argument changes and function renaming that needed to be done. (March 4, 2022)

2022-03-04 small fix

It's come to our attention that building libdwarf.so on Windows with cmake does not get -DLIBDWARF_BUILD defined. In src/lib/libdwarf/CMakeLists.txt, around line 77 try:

-        target_compile_options(${target} PRIVATE ${DW_FWALL})
+    target_compile_options(${target} PRIVATE -DLIBDWARF_BUILD
+            ${DW_FWALL})
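
Review bot: on the added target_compile_options line, LIBDWARF_BUILD is passed as a raw -D compiler flag; target_compile_definitions(${target} PRIVATE LIBDWARF_BUILD) would state the define directly and leave the flag spelling to CMake, which suits the Windows builds this is meant to fix. The added lines are also indented four spaces where the removed line used eight, so the indentation should be matched to the surrounding file.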

(February 25, 2022)

2022-02-25 Rewrite of libdwarf.pdf complete

libdwarf.pdf has been completely rewritten. A libdwarf.pdf that is much easier to work with, created with doxygen, is in release 0.3.4. That content is available on the web as html at www.prevanders.net/libdwarfdoc (25 February 2022)

2022-02-25

We will be working on 0.4.0 soonish. Release 0.4.0 will have four function spelling changes and one argument delete, all to correct old mistakes. (25 February 2022)

2022-02-25 First meson builds

Thanks to Vincent Torri, builds of much of the package can be done with meson. A particular configure build takes 48 seconds by the wall clock, but a meson build takes 3 seconds with the same build machine and C compiler. The meson commands are not yet well documented in README.md. (cmake and configure will continue to be supported for the foreseeable future.) Thanks to Vasilly Prokopyev for noticing the PE reader code was doing one sanity check incorrectly. (20 February 2022)

2022-02-25 Simplification in #include setup

Thanks to Vincent Torri for major clarification and rearrangement of the #include entries in dwarfdump. (28 January 2022)
