[tnozaki-elftoolchain] TNF local patch for libelf - LIBELF_COPY_U32/LIBELF_COPY_S32 range check

Issue #275 resolved
Takehiko NOZAKI repo owner created an issue

No description provided.

Comments (4)

  1. Takehiko NOZAKI reporter

    The original code has a bug, but thorpej's fix may cause another problem…

    LIBELF_COPY_U32:

    if ((SRC)->NAME > UINT32_MAX) {         \
    

    (SRC)->NAME may take:

    • Elf32_{Word,Addr,Off} - uint32_t
    • Elf64_{XWord,Addr,Off} - uint64_t

    So this comparison may have no effect when the type is uint32_t,
    but gcc -Wtype-limits may not detect it, unlike (SRC)->NAME < 0.
    lint(1) may cause an alarm?

    LIBELF_COPY_S32:

    if ((SRC)->NAME > INT32_MAX ||          \
        (SRC)->NAME < INT32_MIN) {          \
    

    (SRC)->NAME may take:

    • Elf32_Word - uint32_t
    • Elf32_Sword - int32_t
    • Elf64_Xword - uint64_t
    • Elf64_Sxword - int64_t

    Consider the following cases:

    • when the (SRC)->NAME type is uint{32,64}_t, the comparison x < INT32_MIN may not work correctly; apparently a BUG
    • in the uint32_t case, the cast (int64_t)(SRC)->NAME causes a -Werror=type-limits problem, for N WARNS=4 in mk.conf sets this flag…

  2. Takehiko NOZAKI reporter

    Oops, the LIBELF_COPY_S32() case:

    $ grep LIBELF_COPY_S32
    ./dist/_libelf.h:#define        LIBELF_COPY_S32(DST,SRC,NAME)   do {                                                         \
    ./dist/gelf_dyn.c:              LIBELF_COPY_S32(dyn32, ds, d_tag);
    ./dist/gelf_rela.c:             LIBELF_COPY_S32(rela32, dr, r_addend);
    $ grep d_tag elf_types.m4
            ``d_tag,        SWORD',
            ``d_tag,        SXWORD',
    $ grep r_addend elf_types.m4
            `r_addend,      SWORD',
            `r_addend,      SXWORD',
    

    It only copies signed integers; unsigned integers are not used.

    So the previous comment is wrong; there's no bug here.
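
The following is an added example, not part of the issue thread or the elftoolchain sources. It applies the two range tests quoted above to each source type the comments list, showing how C's usual arithmetic conversions decide the result. The macro and function names are hypothetical, the sample values are constructed, and a 32-bit int is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: the two range tests quoted in the thread, applied
 * to each source type the comments list. Assumes a 32-bit int. */
#define OVER_U32(V)   ((V) > UINT32_MAX)
#define OUT_OF_S32(V) ((V) > INT32_MAX || (V) < INT32_MIN)

/* LIBELF_COPY_U32-style test */
int u32_from_u32(uint32_t v) { return OVER_U32(v); }   /* can never be true */
int u32_from_u64(uint64_t v) { return OVER_U32(v); }   /* compared as uint64_t */

/* LIBELF_COPY_S32-style test, signed sources */
int s32_from_s32(int32_t v)  { return OUT_OF_S32(v); } /* can never be true */
int s32_from_s64(int64_t v)  { return OUT_OF_S32(v); } /* compared as int64_t */

/* Unsigned sources: INT32_MIN is converted to the unsigned type first and
 * becomes 0x80000000 (uint32_t) or 0xFFFFFFFF80000000 (uint64_t). Combined
 * with the INT32_MAX test, every value is reported as out of range. */
int s32_from_u32(uint32_t v) { return OUT_OF_S32(v); }
int s32_from_u64(uint64_t v) { return OUT_OF_S32(v); }

int main(void)
{
    /* Constructed sample values. */
    printf("U32 test, uint32_t 0xFFFFFFFF: %d\n", u32_from_u32(UINT32_MAX));
    printf("U32 test, uint64_t 2^32      : %d\n", u32_from_u64(UINT64_C(1) << 32));
    printf("S32 test, int64_t  -5        : %d\n", s32_from_s64(-5));
    printf("S32 test, int64_t  2^31      : %d\n", s32_from_s64(INT64_C(1) << 31));
    printf("S32 test, uint32_t 5         : %d\n", s32_from_u32(5));
    printf("S32 test, uint64_t 5         : %d\n", s32_from_u64(5));
    return 0;
}
```

With signed sources, as in the d_tag and r_addend uses found by the grep above, the S32 test behaves as a real range check.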
