bug-binutils

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples


From: pcarroll at codesourcery dot com
Subject: [Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
Date: Wed, 07 Sep 2016 22:08:35 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

Paul Carroll <pcarroll at codesourcery dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pcarroll at codesourcery dot com

--- Comment #233 from Paul Carroll <pcarroll at codesourcery dot com> ---
If I may say so, I believe the issue of synthetic symbols is not being handled
correctly by the patch here.
The 'is_synthetic' flag was added to 'print_symbol()'.
The flag itself is set in 'print_size_symbols()' and 'print_symbols()' by just
deciding that the last 'synth_count' symbols in the list are synthetic.
However, since there are 2 different methods of sorting these symbols, either
with the 'qsort()' or the call to 'sort_symbols_by_size()', it is unlikely that
the last 'synth_count' symbols of each sort will all be synthetic.
There is also the added call to 'filter_symbols()' before the sorts, which may
or may not remove synthetic symbols, while not adjusting the 'synth_count'
value.
(If no synthetic symbols are filtered, then there is no harm - I haven't looked
at the filter function yet)

In my opinion, it makes more sense to remove the 'from >= fromsynth' from the
calls to 'print_symbol()' and 'print_size_symbols()', since the last
'synth_count' symbols are not going to be synthetic.
Likewise, 'print_symbols()' can drop the 'is_synthetic' argument.
Instead, the symbol's flag can be tested to see if BSF_SYNTHETIC is set.
By doing that, the position of the symbol in the sorted list is irrelevant.

I am assuming that only synthetic symbols are being created with the
BSF_SYNTHETIC flag set.  That seems to match the code in the bfd directory.

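An added illustration of the point made in the comment above; this is constructed demo code, not code from binutils or from the commenter. A small symbol table is sorted by address the way nm's qsort() does, and the patch's position rule ("the last synth_count entries are synthetic") is compared with testing the symbol's BSF_SYNTHETIC flag. The struct layout, the bit value and the sample symbols are assumptions for the demo.

```c
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for bfd's asymbol; the BSF_SYNTHETIC bit value is a
   hypothetical one for this demo, not bfd.h's. */
#define BSF_SYNTHETIC (1u << 0)
typedef struct { const char *name; unsigned long value; unsigned flags; } sym_t;
/* Sort by address, standing in for nm's qsort() of the symbol list. */
static int cmp_value(const void *a, const void *b) {
    const sym_t *x = a, *y = b;
    return (x->value > y->value) - (x->value < y->value);
}

/* Rule from the patch: the last synth_count entries are taken as synthetic. */
static int synthetic_by_position(size_t i, size_t count, size_t synth_count) {
    return i >= count - synth_count;
}

/* Rule proposed in the comment: test the symbol's own BSF_SYNTHETIC flag. */
static int synthetic_by_flag(const sym_t *s) {
    return (s->flags & BSF_SYNTHETIC) != 0;
}

/* Count entries where the position rule disagrees with the flag, optionally
   after sorting the list the way nm does. */
int count_mismatches(sym_t *syms, size_t count, size_t synth_count, int sort_first) {
    int mismatches = 0;
    if (sort_first)
        qsort(syms, count, sizeof *syms, cmp_value);
    for (size_t i = 0; i < count; i++)
        if (synthetic_by_position(i, count, synth_count) != synthetic_by_flag(&syms[i]))
            mismatches++;
    return mismatches;
}

/* Constructed sample: libbfd appends synthetic symbols (PLT stubs here) after
   the regular ones, but their addresses interleave with the regular ones. */
static const sym_t sample[] = {
    { "main",      0x4000, 0 },
    { "helper",    0x4200, 0 },
    { "puts@plt",  0x3f00, BSF_SYNTHETIC },
    { "abort@plt", 0x4100, BSF_SYNTHETIC },
};

/* Mismatches in append order versus after sorting by address. */
int demo_mismatches(int sort_first) {
    sym_t copy[4];
    memcpy(copy, sample, sizeof copy);
    return count_mismatches(copy, 4, 2, sort_first);
}
```

In append order the two rules agree on every entry; once the list is sorted by address, the position rule misclassifies two of the four symbols while the flag test is unaffected.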

