This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: pr21665
- From: Nick Clifton <nickc at redhat dot com>
- To: Alan Modra <amodra at gmail dot com>
- Cc: Hans-Peter Nilsson <hp at bitrange dot com>, "binutils at sourceware dot org" <binutils at sourceware dot org>
- Date: Fri, 30 Jun 2017 15:54:18 +0100
- Subject: Re: pr21665
- References: <20170630082308.GE25242@bubble.grove.modra.org> <ab120f7c-a71a-c996-69e2-8bbd2508b82a@redhat.com> <20170630112611.GF25242@bubble.grove.modra.org>
Hi Alan,
> I haven't looked at the bug in detail, but since the testcases are
> 64-bit, is the problem that on a 32-bit target we're not catching a
> size_t overflow?
No - the problem is that the testcase has a pathological .init section:
  % readelf --wide -S POC2
  ...
  [11] .init PROGBITS 0000000000401ab0 001ab0 800000001a 00 AX 0 0 4
  ...
Note the size - 0x8000000001a - this is too much for xmalloc() to handle
(at least on my system), and it triggers an error report if run with
address sanitization enabled.
I do not think that we have to worry about overflow since datasize's type
is bfd_size_type, which is always going to be at least an unsigned long,
right?
Cheers
Nick
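
An added example (not part of the original message, and not binutils code) of rejecting a section header like the .init entry above before any allocation: it compares sh_size with the space left in the file after sh_offset. The function names and the 0x3000 file size are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum shdr_check { SHDR_OK, SHDR_OFFSET_PAST_EOF, SHDR_SIZE_PAST_EOF };

/* Read an n-byte little-endian integer (n <= 8). */
static uint64_t rd_le(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Write v as an n-byte little-endian integer. */
static void put_le(unsigned char *p, uint64_t v, size_t n)
{
    for (size_t i = 0; i < n; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Validate one raw 64-byte Elf64_Shdr against the real file size,
   before a buffer of sh_size bytes is requested from the allocator. */
enum shdr_check check_shdr64(const unsigned char *shdr, uint64_t file_size)
{
    uint32_t sh_type   = (uint32_t)rd_le(shdr + 4, 4);
    uint64_t sh_offset = rd_le(shdr + 24, 8);
    uint64_t sh_size   = rd_le(shdr + 32, 8);

    if (sh_type == 8) return SHDR_OK;   /* SHT_NOBITS: no bytes in the file */
    if (sh_offset > file_size) return SHDR_OFFSET_PAST_EOF;
    /* Subtract rather than add, so sh_offset + sh_size cannot wrap. */
    if (sh_size > file_size - sh_offset) return SHDR_SIZE_PAST_EOF;
    return SHDR_OK;
}

/* Constructed header: PROGBITS at file offset 0x1ab0, as in the readelf
   line above; sh_size and file_size are supplied by the caller. */
enum shdr_check check_sample(uint64_t sh_size, uint64_t file_size)
{
    unsigned char h[64] = {0};
    put_le(h + 4, 1, 4);            /* sh_type = SHT_PROGBITS */
    put_le(h + 24, 0x1ab0, 8);      /* sh_offset */
    put_le(h + 32, sh_size, 8);     /* sh_size */
    return check_shdr64(h, file_size);
}

int main(void)
{
    printf("%d\n", check_sample(0x800000001aULL, 0x3000));
    return 0;
}
```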