https://sourceware.org/bugzilla/show_bug.cgi?id=33897
--- Comment #4 from Takao Sato <takaosato1997 at gmail dot com> ---

(In reply to Alan Modra from comment #1)
> This isn't really a bug. When the pointer expression overflow occurs, the
> result of that expression is not used.

Thanks for the quick review. Even if the computed pointer value is not subsequently used, the expression is still evaluated in UBSan-instrumented builds and is diagnosed as undefined behavior ("addition of unsigned offset ... overflowed"). With UBSAN_OPTIONS=halt_on_error=1 this terminates the program (SIGILL/abort), which is a real robustness issue for sanitizer/CI/fuzzing configurations.

From my perspective this is at least worth fixing to avoid UB being evaluated in this code path (e.g., by guarding the arithmetic / using checked addition, or restructuring so the overflowing computation is not performed). This would prevent UBSan traps and keep readelf resilient when parsing malformed DWARF.

If you consider UBSan-halting behavior out of scope, I'm happy to reclassify this as a "sanitizer robustness" issue rather than a security bug. However, eliminating the UB seems straightforward and would improve fuzzing signal quality.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
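The two code shapes discussed in the comment above (pointer arithmetic performed before the bounds check, versus an integer comparison against the remaining length that keeps the arithmetic in bounds), as an added example that is not part of the bug report and not binutils code. The helper names `unchecked_advance`, `checked_advance` and `remaining_after`, and the 9-byte `sample_section` standing in for a DWARF section, are constructed for this illustration; the 64-bit offset plays the role of a length or offset field read from a malformed file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical helpers (not binutils code) showing two ways of advancing a
 * cursor over a section buffer by an attacker-controlled 64-bit offset.
 */

/* The pattern the bug report objects to: start + offset is computed first
 * and validated afterwards.  If the addition wraps past the end of the
 * address space the behaviour is undefined, and UBSan reports
 * "addition of unsigned offset ... overflowed" even though the wrapped
 * pointer is then discarded.  Only safe to call with in-buffer offsets. */
const unsigned char *
unchecked_advance (const unsigned char *start, const unsigned char *end,
                   uint64_t offset)
{
  const unsigned char *p = start + offset;   /* UB if this wraps */
  if (p < start || p > end)                  /* the check arrives too late */
    return NULL;
  return p;
}

/* Hardened form: compare the offset against the remaining length as plain
 * integers, so pointer arithmetic is only performed once it is known to
 * land inside [start, end]. */
const unsigned char *
checked_advance (const unsigned char *start, const unsigned char *end,
                 uint64_t offset)
{
  if (end < start)
    return NULL;
  size_t remaining = (size_t) (end - start);
  if (offset > remaining)         /* rejects huge offsets before any arithmetic */
    return NULL;
  return start + (size_t) offset; /* here offset <= remaining <= SIZE_MAX */
}

/* Constructed sample: a 9-byte stand-in for a DWARF section buffer. */
const unsigned char sample_section[] = {
  0x05, 0x00, 0x00, 0x00, 0x41, 0x42, 0x43, 0x44, 0x45
};

/* Advances over sample_section by OFFSET using the checked form and returns
 * the number of bytes left after the cursor, or -1 if the offset is rejected. */
long
remaining_after (uint64_t offset)
{
  const unsigned char *end = sample_section + sizeof sample_section;
  const unsigned char *p = checked_advance (sample_section, end, offset);
  if (p == NULL)
    return -1;
  return (long) (end - p);
}

int
main (void)
{
  const uint64_t offsets[] = { 4, 9, 10, UINT64_MAX - 1 };
  for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
    printf ("offset 0x%llx -> remaining %ld\n",
            (unsigned long long) offsets[i], remaining_after (offsets[i]));
  /* The unchecked form is only exercised with an offset that cannot wrap. */
  printf ("unchecked in-bounds advance by 4 -> %s\n",
          unchecked_advance (sample_section, sample_section + 9, 4)
            ? "ok" : "rejected");
  return 0;
}
```

The integer comparison in `checked_advance` is the shape the comment calls "guarding the arithmetic": an offset of `UINT64_MAX - 1` is rejected without ever forming the out-of-range pointer, so an instrumented build has nothing to diagnose, whereas `unchecked_advance` would form it first and only then compare. An offset equal to the remaining length is accepted, since a one-past-the-end pointer is well defined.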
