https://sourceware.org/bugzilla/show_bug.cgi?id=28687
Bug ID: 28687
Summary: Undefined behavior in bfd/dwarf1.c
Product: binutils
Version: 2.38 (HEAD)
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: binutils
Assignee: unassigned at sourceware dot org
Reporter: npv1310 at gmail dot com
Target Milestone: ---

In function 'parse_die' there is undefined behavior in expressions like

    xptr + block_len < xptr.

Due to variable 'block_len' being an unsigned integer, such expressions may be
completely omitted by the compiler, as demonstrated by the following
proof-of-concept:

The function

    int test(char *p, unsigned int sz)
    {
        return p + sz < p;
    }

may be turned into the following assembly code

        .file "test.c"
        .text
        .p2align 4,,15
        .globl test
        .type test, @function
    test:
    .LFB0:
        .cfi_startproc
        xorl %eax, %eax
        ret
        .cfi_endproc
    .LFE0:
        .size test, .-test
        .ident "GCC: (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0"
        .section .note.GNU-stack,"",@progbits

by the command

    gcc -O2 -S -o- test.c

So the external function 'test' always returns 0.

To be precise, the issue comes in the code fragments labeled with
'FORM_BLOCK2' and 'FORM_BLOCK4'.
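A bounds check for the pattern reported above that compares lengths instead of pointers, so no out-of-range pointer is ever formed and nothing can be optimized away. This is an added example, not code from the report or from binutils; `skip_block`, the little-endian length prefix and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not binutils code: read a little-endian length
   prefix of len_size bytes (2 or 4) at xptr and return a pointer just
   past the block, or NULL if the block does not fit before end. */
static const unsigned char *
skip_block (const unsigned char *xptr, const unsigned char *end,
            unsigned int len_size)
{
  uint32_t block_len = 0;
  size_t avail;
  unsigned int i;

  if (xptr > end || (len_size != 2 && len_size != 4))
    return NULL;
  avail = (size_t) (end - xptr);   /* bytes left; both pointers are in bounds */
  if (avail < len_size)
    return NULL;                   /* length prefix itself is truncated */
  for (i = 0; i < len_size; i++)
    block_len |= (uint32_t) xptr[i] << (8 * i);
  avail -= len_size;

  /* Compare lengths, never pointers: xptr + block_len is not computed
     until block_len is known to fit in the remaining bytes. */
  if (block_len > avail)
    return NULL;
  return xptr + len_size + block_len;
}

int
main (void)
{
  /* Constructed sample input: a 2-byte length of 3 with 3 payload bytes,
     and a 4-byte length of 0xffffffff with only 1 byte behind it. */
  static const unsigned char ok[] = { 0x03, 0x00, 'a', 'b', 'c' };
  static const unsigned char bad[] = { 0xff, 0xff, 0xff, 0xff, 'x' };

  printf ("ok:  %s\n",
          skip_block (ok, ok + sizeof ok, 2) ? "accepted" : "rejected");
  printf ("bad: %s\n",
          skip_block (bad, bad + sizeof bad, 4) ? "accepted" : "rejected");
  return 0;
}
```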