This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Re: malformed elf causes invalid shiftleft in readelf -S with ubsan
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Mon, 26 Jan 2015 15:41:30 +0100
- Subject: Re: malformed elf causes invalid shiftleft in readelf -S with ubsan
On Sun, 2015-01-25 at 14:30 -0800, Josh Stone wrote:
> On 01/25/2015 11:42 AM, Hanno Böck wrote:
> > When compiling elfutils with undefined behaviour sanitizer
> > (-fsanitize=undefined) a warning will be shown indicating an invalid
> > shiftleft operation on the attached elf file:
> >
> > readelf.c:1133:28: runtime error: left shift of 1 by 31 places cannot
> > be represented in type 'int'
> >
> > Tested with elfutils-0.161. This was found with zzuf.
>
> Ah, this has nothing to do with your input -- "readelf -S readelf" also
> triggers the same message.
>
> That line is:
>
> if (shdr->sh_flags & SHF_EXCLUDE)
>
> That macro is:
>
> #define SHF_EXCLUDE (1 << 31)
>
> Now, shdr is GElf_Shdr*, a typedef of Elf64_Shdr, so sh_flags is
> Elf64_Xword. Even the 32-bit case has Elf32_Word, which is unsigned so
> it would be fine. But (1 << 31) will be evaluated as int *before* the
> type promotion for "&". It should probably be (1U << 31) instead, and
> maybe use 1U for all flags to be consistent.
Nice find. So any use of SHF_EXCLUDE on an architecture that has 32bit
ints triggers undefined behavior. Your suggested fix was also used in a
similar case in commit 7c757b "readelf.c (print_gdb_index_section): Use
unsigned int for 31 bits left shift."
elf.h is actually part of glibc and we just import a new version when
needed. Would you mind suggesting the fix there
(libc-alpha@sourceware.org) and when accepted we'll import the new elf.h
header.
Thanks,
Mark