On Thu, Jul 29, 2021 at 03:09:40PM +0000, He Jingxuan wrote:
> Dear Alan,
>
> Thanks for your information!
>
> UBSan indeed has an option to turn on complaints about unsigned integer
> overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow
> has caused bugs in binutils that were fixed (see
> https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
>
> Based on our inspection, most bugs reported by us result in wrong offsets or
> addresses. The *.err files provide exact bug location and bug triggering
> values, which can be used to quickly decide if the bugs are true or false
> positives. Could you please take a deeper look into the bugs?
../../libiberty/argv.c:478:27: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned long'
../../libiberty/argv.c:478:14: runtime error: unsigned integer overflow: 3 + 18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/bfdio.c:397:14: runtime error: unsigned integer overflow: 24 + 18446744073709551600 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elfcore.h:233:43: runtime error: unsigned integer overflow: 18446744073709537336 + 14280 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/coffcode.h:1921:56: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned long'
A bug. Lack of sanity checking.

../../bfd/coffcode.h:2601:27: runtime error: unsigned integer overflow: 18446744073265032094 + 444596226 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/coffcode.h:4392:43: runtime error: unsigned integer overflow: 0 - 335544324 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/coffcode.h:5079:26: runtime error: unsigned integer overflow: 76704 - 4294967295 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/coffgen.c:1192:27: runtime error: unsigned integer overflow: 18446744073709490606 + 61235 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/coffgen.c:1676:38: runtime error: unsigned integer overflow: 18446744071562069503 * 18 cannot be represented in type 'unsigned long'
../../bfd/coffgen.c:1676:7: runtime error: unsigned integer overflow: 32799 + 18446744073709551598 cannot be represented in type 'unsigned long'
Lack of sanity checking again.

../../bfd/coffgen.c:1988:30: runtime error: unsigned integer overflow: 4294967295 + 1 cannot be represented in type 'unsigned int'
A bug.

../../bfd/elf.c:12069:41: runtime error: unsigned integer overflow: 18446744073709551604 + 32 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:12077:41: runtime error: unsigned integer overflow: 18446744073709551600 + 64 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:12062:56: runtime error: unsigned integer overflow: 18446744073709551580 + 64 cannot be represented in type 'unsigned long'
Not a bug.

peXXigen.c:561:26: runtime error: unsigned integer overflow: 4294967295 + 18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.

peXXigen.c:569:31: runtime error: unsigned integer overflow: 4294967295 + 18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:5543:36: runtime error: unsigned integer overflow: 16777216 + 18446744073709289469 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:5715:20: runtime error: unsigned integer overflow: 128 - 2147483724 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:5717:15: runtime error: unsigned integer overflow: 0 - 1996 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:5789:32: runtime error: unsigned integer overflow: 18446744073709549620 + 1996 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:5791:33: runtime error: unsigned integer overflow: 262147 - 294915 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:6289:10: runtime error: unsigned integer overflow: 18446744073709551594 + 22 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7265:10: runtime error: unsigned integer overflow: 0 - 22 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7285:21: runtime error: unsigned integer overflow: 22 - 64 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7299:21: runtime error: unsigned integer overflow: 0 - 7 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7449:4: runtime error: unsigned integer overflow: 0 - 32 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7614:32: runtime error: unsigned integer overflow: 0 - 134217728 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/elf.c:7615:32: runtime error: unsigned integer overflow: 0 - 335544322 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/tekhex.c:496:34: runtime error: unsigned integer overflow: 17476 - 13421772 cannot be represented in type 'unsigned long'
Not a bug.

../../bfd/tekhex.c:544:33: runtime error: unsigned integer overflow: 0 - 5 cannot be represented in type 'unsigned int'
Not a bug.

../../bfd/tekhex.c:893:37: runtime error: unsigned integer overflow: 18445843353784078336 + 900719925474099 cannot be represented in type 'unsigned long'
Not a bug.

../../binutils/readelf.c:21264:2: runtime error: unsigned integer overflow: 18446744073709551615 + 1 cannot be represented in type 'unsigned long'
A bug.

../../binutils/readelf.c:17095:45: runtime error: unsigned integer overflow: 0 - 32752 cannot be represented in type 'unsigned long'
Not a bug.

../../binutils/readelf.c:5586:13: runtime error: unsigned integer overflow: 4226819 - 1785358848 cannot be represented in type 'unsigned long'
Not a bug.

../../binutils/readelf.c:5586:28: runtime error: unsigned integer overflow: 18446744073178963944 + 536870912 cannot be represented in type 'unsigned long'
Not a bug.

../../binutils/readelf.c:9312:17: runtime error: unsigned integer overflow: 18446744073709421054 + 4294967299 cannot be represented in type 'unsigned long'
Not a bug.

I'll be committing a few fixes for the real bugs you found.

-- 
Alan Modra
Australia Development Lab, IBM
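The triage above separates two kinds of -fsanitize=unsigned-integer-overflow report: wraparound that is well-defined and intentional (for example "x + 18446744073709551615", which is just x - 1 in modular arithmetic), and wraparound in an offset or size computation that was never bounds-checked, which the reply labels "lack of sanity checking". The following is an added, constructed example (not binutils code and not tied to any file or line in the thread) showing that distinction in C: an unchecked table-bounds test that a wrapped product or sum can fool, the same test with each arithmetic step guarded so no wrap can occur, and a deliberately wrapping helper of the benign kind. The field names and function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Unchecked bounds test, mirroring the "lack of sanity checking" pattern.
 * offset, count and entsize are taken from an untrusted file header
 * (constructed inputs for this example). count * entsize may wrap to a
 * small value, and offset + size may wrap again, so a table that lies far
 * outside the file can still be accepted. */
bool table_fits_unchecked(uint64_t offset, uint64_t count,
                          uint64_t entsize, uint64_t file_size)
{
    uint64_t size = count * entsize;   /* may wrap */
    return offset + size <= file_size; /* may wrap again */
}

/* Checked bounds test. Every operation that could wrap is preceded by a
 * comparison that rules the wrap out, so the function rejects the input
 * instead of computing a bogus offset. This is the kind of check that turns
 * a sanitizer report into a clean "not supported" error in a file reader. */
bool table_fits_checked(uint64_t offset, uint64_t count,
                        uint64_t entsize, uint64_t file_size)
{
    if (entsize == 0)
        return count == 0 && offset <= file_size;
    if (count > UINT64_MAX / entsize)
        return false;                      /* count * entsize would wrap */
    uint64_t size = count * entsize;
    if (offset > file_size)
        return false;                      /* keeps the subtraction below safe */
    return size <= file_size - offset;     /* offset + size <= file_size, no wrap */
}

/* Benign wrap of the kind the reply marks "Not a bug": subtracting n by
 * adding its two's complement. UBSan flags "0 - n" and the following "+",
 * but the result is well-defined and equal to x - n for n <= x. */
uint64_t step_back(uint64_t x, uint64_t n)
{
    return x + (uint64_t)(0 - n);
}

int main(void)
{
    /* Constructed header values: a count whose product with entsize wraps
     * to exactly 0, and an offset near UINT64_MAX whose sum wraps small. */
    uint64_t file_size = 1000;
    printf("wrapping product:  unchecked=%d checked=%d\n",
           table_fits_unchecked(0, 1ULL << 63, 2, file_size),
           table_fits_checked(0, 1ULL << 63, 2, file_size));
    printf("wrapping sum:      unchecked=%d checked=%d\n",
           table_fits_unchecked(UINT64_MAX - 10, 1, 32, file_size),
           table_fits_checked(UINT64_MAX - 10, 1, 32, file_size));
    printf("valid table:       unchecked=%d checked=%d\n",
           table_fits_unchecked(100, 10, 24, file_size),
           table_fits_checked(100, 10, 24, file_size));
    printf("step_back(10, 3) = %llu\n", (unsigned long long)step_back(10, 3));
    return 0;
}
```

Compiling with -fsanitize=unsigned-integer-overflow reports both table_fits_unchecked and step_back, yet only the first is a defect: the checked variant produces no report because the guards make every wrap unreachable, while step_back wraps by design and returns the correct value.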