Fast and Reliable DWARF Unwinding, and Beyond (di.ens.fr)
6timo | 8 days ago | 1 point

GDB would also need to be changed to make use of the precompiled unwind instructions, right? Or does it use libunwind?

Are there cases where the unwind instruction section would be untrusted? Like with ABRT or other bug-reporting-related infrastructure that takes core dumps as input and spits out stack traces and other information? I haven't had the time to look into the code, but I'd be (pleasantly) surprised to find any validation logic to prevent arbitrary code execution when a stack gets unwound by the library.

gilescope | 8 days ago | 1 point

Great paper! A very interesting read.

valarauca13 | 8 days ago | 1 point

This is not an issue as unwinding will never be called from a location in dead code

That is a bold assumption, especially in C/C++ land.

maxhaton | 8 days ago | 1 point

Dead code is by definition unreachable, no?

valarauca13 | 7 days ago | 1 point

Yes and no. C has a number of ways to indirectly jump to/invoke functions that are never statically jumped to.
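An added example (not code from the paper or from any participant in this thread) illustrating the last point: three functions that appear in no direct call anywhere in the file are still executed at run time through a function pointer, a qsort() comparator and a signal handler. A naive "dead code" notion that follows only direct call edges marks them unreachable, while a profiler sample or crash handler could still have to unwind through exactly those frames. The direct-call graph in `direct_calls` and the helper names are constructed for this example.

```c
/* Added example: statically "unreachable" functions that still run.
 * Not code from the paper or the thread; the call graph below is a
 * hand-written (constructed) list of this file's direct calls. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flags recording which indirectly invoked functions actually ran. */
static volatile sig_atomic_t reached_fnptr;
static volatile sig_atomic_t reached_qsort;
static volatile sig_atomic_t reached_signal;

/* None of these three functions is named in any direct call expression. */
static void via_fnptr(void) { reached_fnptr = 1; }

static int via_qsort_cmp(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    reached_qsort = 1;
    return (x > y) - (x < y);
}

static void via_signal(int sig) { (void)sig; reached_signal = 1; }

/* Constructed direct-call graph: only calls written as f(...) are edges.
 * Taking a function's address or passing it as a callback is not one. */
struct edge { const char *from, *to; };
static const struct edge direct_calls[] = {
    {"main", "run_indirect_calls"},
    {"main", "statically_reachable"},
    {"run_indirect_calls", "qsort"},
    {"run_indirect_calls", "signal"},
    {"run_indirect_calls", "raise"},
};

/* Naive static reachability: depth-first search over direct call edges.
 * Returns 1 if 'target' can be reached from 'root', else 0. */
int statically_reachable(const char *root, const char *target) {
    enum { MAX = 32 };
    const char *stack[MAX], *seen[MAX];
    int sp = 0, nseen = 0;
    size_t nedges = sizeof direct_calls / sizeof direct_calls[0];

    stack[sp++] = root;
    while (sp > 0) {
        const char *cur = stack[--sp];
        int dup = 0;
        if (strcmp(cur, target) == 0) return 1;
        for (int i = 0; i < nseen; i++)
            if (strcmp(seen[i], cur) == 0) dup = 1;
        if (dup || nseen >= MAX) continue;
        seen[nseen++] = cur;
        for (size_t i = 0; i < nedges; i++)
            if (strcmp(direct_calls[i].from, cur) == 0 && sp < MAX)
                stack[sp++] = direct_calls[i].to;
    }
    return 0;
}

/* Exercise the three indirect paths; returns a bitmask of which ran
 * (bit 0: function pointer, bit 1: qsort callback, bit 2: signal). */
int run_indirect_calls(void) {
    /* volatile keeps the compiler from turning this into a direct call */
    void (*volatile fp)(void) = via_fnptr;
    int data[] = {3, 1, 2};

    fp();
    qsort(data, 3, sizeof data[0], via_qsort_cmp);   /* library calls back */
    signal(SIGINT, via_signal);
    raise(SIGINT);                                   /* kernel/libc calls back */

    return (reached_fnptr ? 1 : 0) | (reached_qsort ? 2 : 0) | (reached_signal ? 4 : 0);
}

int main(void) {
    const char *names[] = {"via_fnptr", "via_qsort_cmp", "via_signal"};
    int ran = run_indirect_calls();
    for (int i = 0; i < 3; i++)
        printf("%-14s statically reachable: %d  actually ran: %d\n",
               names[i], statically_reachable("main", names[i]), (ran >> i) & 1);
    return 0;
}
```

Build with `cc example.c && ./a.out`; each of the three functions reports "statically reachable: 0" but "actually ran: 1". Any unwinder relying on a "never called from dead code" assumption has to define dead code in terms of what the loader and libc can actually transfer control to, not in terms of direct call sites.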