This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.
Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
- From: Daniel Jacobowitz <drow at false dot org>
- To: "Cuthbertson, Reva D." <reva_cuthbertson at hp dot com>
- Cc: gdb at sources dot redhat dot com
- Date: Fri, 13 May 2005 11:25:32 -0400
- Subject: Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
- References: <B6C7F31B85669143825614FC8FE64929040F79D1@cacexc04.americas.cpqcorp.net>
On Fri, May 13, 2005 at 08:18:47AM -0700, Cuthbertson, Reva D. wrote:
> Hello,
>
> I had a question regarding the following assignment in
> dwarf2_mark_symbol_computed() in dwarf2read.c:
>
> baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
>
> The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
> integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
> be an unsigned long but the "size" field in dwarf2_loclist_baton and
> dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
> short. Is it possible to overflow baton->size with the above
> calculation?
Yes, this seems possible. Size is used for overflow checking only at
this point; saturating at USHORT_MAX seems reasonable.
Have you encountered this problem?
--
Daniel Jacobowitz
CodeSourcery, LLC
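A constructed C illustration of the narrowing assignment discussed in this thread and of the saturating alternative the reply suggests. This is an added example, not code from GDB or from either poster; `baton_demo`, `naive_size`, `saturating_size` and `size_was_truncated` are hypothetical stand-ins, and the real `dwarf2_locexpr_baton` has more fields than shown.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for the baton types in dwarf2loc.h: only the
   narrow "size" field matters for this demonstration. */
struct baton_demo {
  unsigned short size;
};

/* Mirrors the reported expression: an unsigned int minus an unsigned long
   is computed as unsigned long and then converted to unsigned short, i.e.
   reduced modulo USHRT_MAX + 1, so high bits are silently dropped. */
unsigned short naive_size(unsigned int loc_size, unsigned long offset)
{
  struct baton_demo b;
  b.size = loc_size - offset;
  return b.size;
}

/* Saturating version in the spirit of the reply: clamp at USHRT_MAX so a
   later bounds check fails closed instead of accepting a tiny size. An
   offset past the end of the section is treated as an empty range rather
   than being allowed to wrap to a huge unsigned value. */
unsigned short saturating_size(unsigned int loc_size, unsigned long offset)
{
  struct baton_demo b;
  unsigned long remaining = (offset > loc_size) ? 0 : loc_size - offset;
  b.size = (remaining > USHRT_MAX) ? USHRT_MAX : (unsigned short) remaining;
  return b.size;
}

/* Returns 1 if the narrowing assignment lost information for these inputs. */
int size_was_truncated(unsigned int loc_size, unsigned long offset)
{
  unsigned long remaining = (unsigned long) loc_size - offset;
  return remaining != naive_size(loc_size, offset);
}

int main(void)
{
  /* Constructed inputs: a 70000-byte .debug_loc section, attribute at 0. */
  printf("naive:      %u\n", naive_size(70000u, 0ul));      /* 4464 */
  printf("saturating: %u\n", saturating_size(70000u, 0ul)); /* 65535 */
  return 0;
}
```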