https://sourceware.org/bugzilla/show_bug.cgi?id=24829
Nick Clifton <nickc at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |WAITING
--- Comment #9 from Nick Clifton <nickc at redhat dot com> ---
(In reply to tfx from comment #7)
Hi tfx,
> You can reproduce it use "readelf -w poc5" with ASAN.
> The crash output show as follow.
Again I cannot reproduce this failure. :-(
Part of the problem is that I am unable to build 32-bit binaries
with address sanitization enabled. I think that this is a limitation
of the Fedora distribution, but I do not know of any way around the
problem.
> 2063 data = block_start + uvalue;
> 2064 if (block_start + uvalue > end || data < block_start)
> 2065 {
> 2066 warn (_("Corrupt attribute block length: %lx\n"), (long)
> uvalue);
> 2067 uvalue = end - block_start;
> 2068 }
> When "uvalue" is a specific value, "block_start + uvalue" will cause
> integer overflow. This will cause a wrong "data" value and trigger crash.
I get the "block_start + uvalue" can overflow, but won't this trigger
the "data < block_start" part of the test ? Which in turn will reset
uvalue to a sane number, and so allow the rest of the code to continue ?
> It seems that reporting this type of bug has no meaning. What do you think?
Oh no, they are definitely worth reporting. It is just proving to be
very hard for me to track down the cause of the problems and come up
with fixes that will work.
Cheers
Nick
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
