Make mmap usage safe/sound

src/symbolize/gimli.rs

@@ -4,18 +4,15 @@
 
 use self::gimli::read::EndianSlice;
 use self::gimli::NativeEndian as Endian;
-use self::mmap::Mmap;
 use self::stash::Stash;
 use super::BytesOrWideString;
 use super::ResolveWhat;
 use super::SymbolName;
 use addr2line::gimli;
-use core::convert::TryInto;
 use core::mem;
 use core::u32;
 use libc::c_void;
 use mystd::ffi::OsString;
-use mystd::fs::File;
 use mystd::path::Path;
 use mystd::prelude::v1::*;
 
@@ -26,41 +23,14 @@ mod mystd {
 #[cfg(not(backtrace_in_libstd))]
 extern crate std as mystd;
 
-cfg_if::cfg_if! {
-    if #[cfg(windows)] {
-        #[path = "gimli/mmap_windows.rs"]
-        mod mmap;
-    } else if #[cfg(target_vendor = "apple")] {
-        #[path = "gimli/mmap_unix.rs"]
-        mod mmap;
-    } else if #[cfg(any(
-        target_os = "android",
-        target_os = "freebsd",
-        target_os = "fuchsia",
-        target_os = "haiku",
-        target_os = "hurd",
-        target_os = "linux",
-        target_os = "openbsd",
-        target_os = "solaris",
-        target_os = "illumos",
-        target_os = "aix",
-    ))] {
-        #[path = "gimli/mmap_unix.rs"]
-        mod mmap;
-    } else {
-        #[path = "gimli/mmap_fake.rs"]
-        mod mmap;
-    }
-}
-
 mod stash;
 
 const MAPPINGS_CACHE_SIZE: usize = 4;
 
 struct Mapping {
     // 'static lifetime is a lie to hack around lack of support for self-referential structs.
     cx: Context<'static>,
-    _map: Mmap,
+    _map: Vec<u8>,
     stash: Stash,
 }
 
@@ -74,7 +44,7 @@ impl Mapping {
     /// Creates a `Mapping` by ensuring that the `data` specified is used to
     /// create a `Context` and it can only borrow from that or the `Stash` of
     /// decompressed sections or auxiliary data.
-    fn mk<F>(data: Mmap, mk: F) -> Option<Mapping>
+    fn mk<F>(data: Vec<u8>, mk: F) -> Option<Mapping>
     where
         F: for<'a> FnOnce(&'a [u8], &'a Stash) -> Option<Context<'a>>,
     {
@@ -86,7 +56,7 @@ impl Mapping {
 
     /// Creates a `Mapping` from `data`, or if the closure decides to, returns a
     /// different mapping.
-    fn mk_or_other<F>(data: Mmap, mk: F) -> Option<Mapping>
+    fn mk_or_other<F>(data: Vec<u8>, mk: F) -> Option<Mapping>
     where
         F: for<'a> FnOnce(&'a [u8], &'a Stash) -> Option<Either<Mapping, Context<'a>>>,
     {
@@ -184,12 +154,6 @@ impl<'data> Context<'data> {
     }
 }
 
-fn mmap(path: &Path) -> Option<Mmap> {
-    let file = File::open(path).ok()?;
-    let len = file.metadata().ok()?.len().try_into().ok()?;
-    unsafe { Mmap::map(&file, len) }
-}
-
 cfg_if::cfg_if! {
     if #[cfg(windows)] {
         mod coff;

src/symbolize/gimli/coff.rs

@@ -1,3 +1,4 @@
+use super::mystd::fs;
 use super::{gimli, Context, Endian, EndianSlice, Mapping, Path, Stash, Vec};
 use alloc::sync::Arc;
 use core::convert::TryFrom;
@@ -14,7 +15,7 @@ type Pe = object::pe::ImageNtHeaders64;
 
 impl Mapping {
     pub fn new(path: &Path) -> Option<Mapping> {
-        let map = super::mmap(path)?;
+        let map = fs::read(path).ok()?;
         Mapping::mk(map, |data, stash| {
             Context::new(stash, Object::parse(data)?, None, None)
         })

src/symbolize/gimli/elf.rs

@@ -19,7 +19,7 @@ type Elf = object::elf::FileHeader64<NativeEndian>;
 
 impl Mapping {
     pub fn new(path: &Path) -> Option<Mapping> {
-        let map = super::mmap(path)?;
+        let map = fs::read(path).ok()?;
         Mapping::mk_or_other(map, |map, stash| {
             let object = Object::parse(&map)?;
 
@@ -45,7 +45,7 @@ impl Mapping {
 
     /// Load debuginfo from an external debug file.
     fn new_debug(original_path: &Path, path: PathBuf, crc: Option<u32>) -> Option<Mapping> {
-        let map = super::mmap(&path)?;
+        let map = fs::read(&path).ok()?;
         Mapping::mk(map, |map, stash| {
             let object = Object::parse(&map)?;
 
@@ -56,7 +56,7 @@ impl Mapping {
             // Try to locate a supplementary object file.
             let mut sup = None;
             if let Some((path_sup, build_id_sup)) = object.gnu_debugaltlink_path(&path) {
-                if let Some(map_sup) = super::mmap(&path_sup) {
+                if let Ok(map_sup) = fs::read(&path_sup) {
                     let map_sup = stash.cache_mmap(map_sup);
                     if let Some(sup_) = Object::parse(map_sup) {
                         if sup_.build_id() == Some(build_id_sup) {
@@ -84,7 +84,7 @@ impl Mapping {
             })
             .unwrap_or_else(|| "dwp".into());
         path_dwp.set_extension(dwp_extension);
-        if let Some(map_dwp) = super::mmap(&path_dwp) {
+        if let Ok(map_dwp) = fs::read(&path_dwp) {
             let map_dwp = stash.cache_mmap(map_dwp);
             if let Some(dwp_) = Object::parse(map_dwp) {
                 return Some(dwp_);
@@ -473,7 +473,7 @@ pub(super) fn handle_split_dwarf<'data>(
 
     path.push(convert_path(load.path.as_ref()?).ok()?);
 
-    if let Some(map_dwo) = super::mmap(&path) {
+    if let Ok(map_dwo) = fs::read(&path) {
         let map_dwo = stash.cache_mmap(map_dwo);
         if let Some(dwo) = Object::parse(map_dwo) {
             return gimli::Dwarf::load(|id| -> Result<_, ()> {

src/symbolize/gimli/libs_windows.rs

@@ -1,6 +1,7 @@
 use super::super::super::windows_sys::*;
+use super::mystd::fs;
 use super::mystd::os::windows::prelude::*;
-use super::{coff, mmap, Library, LibrarySegment, OsString};
+use super::{coff, Library, LibrarySegment, OsString};
 use alloc::vec;
 use alloc::vec::Vec;
 use core::mem;
@@ -75,7 +76,7 @@ unsafe fn load_library(me: &MODULEENTRY32W) -> Option<Library> {
     //
     // For now it appears that unlike ELF/MachO we can make do with one
     // segment per library, using `modBaseSize` as the whole size.
-    let mmap = mmap(name.as_ref())?;
+    let mmap = fs::read(&name).ok()?;
     let image_base = coff::get_image_base(&mmap)?;
     let base_addr = me.modBaseAddr as usize;
     Some(Library {

src/symbolize/gimli/macho.rs

@@ -1,3 +1,4 @@
+use super::mystd::fs;
 use super::{gimli, Box, Context, Endian, EndianSlice, Mapping, Path, Stash, Vec};
 use alloc::sync::Arc;
 use core::convert::TryInto;
@@ -20,7 +21,7 @@ impl Mapping {
     pub fn new(path: &Path) -> Option<Mapping> {
         // First up we need to load the unique UUID which is stored in the macho
         // header of the file we're reading, specified at `path`.
-        let map = super::mmap(path)?;
+        let map = fs::read(path).ok()?;
         let (macho, data) = find_header(&map)?;
         let endian = macho.endian().ok()?;
         let uuid = macho.uuid(endian, data, 0).ok()?;
@@ -74,7 +75,7 @@ impl Mapping {
         // information.
         for entry in dir.read_dir().ok()? {
             let entry = entry.ok()?;
-            let map = super::mmap(&entry.path())?;
+            let map = fs::read(&entry.path()).ok()?;
             let candidate = Mapping::mk(map, |data, stash| {
                 let (macho, data) = find_header(data)?;
                 let endian = macho.endian().ok()?;
@@ -285,7 +286,7 @@ fn object_mapping(file: &object::read::ObjectMapFile<'_>) -> Option<Mapping> {
     use super::mystd::ffi::OsStr;
     use super::mystd::os::unix::prelude::*;
 
-    let map = super::mmap(Path::new(OsStr::from_bytes(file.path())))?;
+    let map = fs::read(Path::new(OsStr::from_bytes(file.path()))).ok()?;
     let member_name = file.member();
     Mapping::mk(map, |data, stash| {
         let data = match member_name {

src/symbolize/gimli/stash.rs

@@ -2,15 +2,14 @@
 // only used on Linux right now, so allow dead code elsewhere
 #![cfg_attr(not(target_os = "linux"), allow(dead_code))]
 
-use super::Mmap;
 use alloc::vec;
 use alloc::vec::Vec;
 use core::cell::UnsafeCell;
 
 /// A simple arena allocator for byte buffers.
 pub struct Stash {
     buffers: UnsafeCell<Vec<Vec<u8>>>,
-    mmaps: UnsafeCell<Vec<Mmap>>,
+    mmaps: UnsafeCell<Vec<Vec<u8>>>,
 }
 
 impl Stash {
@@ -34,9 +33,9 @@ impl Stash {
         &mut buffers[i]
     }
 
-    /// Stores a `Mmap` for the lifetime of this `Stash`, returning a pointer
+    /// Stores a `Vec<u8>` for the lifetime of this `Stash`, returning a pointer
     /// which is scoped to just this lifetime.
-    pub fn cache_mmap(&self, map: Mmap) -> &[u8] {
+    pub fn cache_mmap(&self, map: Vec<u8>) -> &[u8] {
         // SAFETY: this is the only location for a mutable pointer to
         // `mmaps`, and this structure isn't threadsafe to shared across
         // threads either. We also never remove elements from `self.mmaps`,

src/symbolize/gimli/xcoff.rs

@@ -1,4 +1,5 @@
 use super::mystd::ffi::{OsStr, OsString};
+use super::mystd::fs;
 use super::mystd::os::unix::ffi::OsStrExt;
 use super::mystd::str;
 use super::{gimli, Context, Endian, EndianSlice, Mapping, Path, Stash, Vec};
@@ -18,7 +19,7 @@ type Xcoff = object::xcoff::FileHeader64;
 
 impl Mapping {
     pub fn new(path: &Path, member_name: &OsString) -> Option<Mapping> {
-        let map = super::mmap(path)?;
+        let map = fs::read(path).ok()?;
         Mapping::mk(map, |data, stash| {
             if member_name.is_empty() {
                 Context::new(stash, Object::parse(data)?, None, None)
@@ -80,7 +81,7 @@ pub fn parse_xcoff(data: &[u8]) -> Option<Image> {
 }
 
 pub fn parse_image(path: &Path, member_name: &OsString) -> Option<Image> {
-    let map = super::mmap(path)?;
+    let map = fs::read(path).ok()?;
     let data = map.deref();
     if member_name.is_empty() {
         return parse_xcoff(data);