bug-binutils

[Bug binutils/27874] Incomplete result on `nm-new`


From: amodra at gmail dot com
Subject: [Bug binutils/27874] Incomplete result on `nm-new`
Date: Mon, 17 May 2021 01:13:38 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27874

Alan Modra <amodra at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2021-05-17
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
           Severity|normal                      |enhancement

--- Comment #1 from Alan Modra <amodra at gmail dot com> ---
You (or your fuzzer) have created dwarf info with a DW_AT_high_pc attribute
using DW_FORM_block.  That is invalid dwarf.  DW_AT_high_pc takes constant or
address forms.  The bfd dwarf reader makes use of a structure containing a
union to store attribute values:
(gdb) p attr
$43 = {name = DW_AT_high_pc, form = DW_FORM_block, u = {str = 0xb30388 "", blk
= 0xb30388, val = 11731848, sval = 11731848}}

u.blk is a pointer into memory.  The code returning DW_AT_high_pc value does
not sanity check the form of the attribute, so returns a pointer into allocated
memory as an integer.  That value depends on the executable layout, the runtime
libraries, and the sequence of memory allocations before the one allocating
u.blk, which explains why different compilers get different results.

I'm not inclined to add sanity checking code for the sake of fuzzers that
either slows down the performance or increases memory usage of binutils, in
cases like this where there is no incorrect program behaviour involved
(segmentation faults, hangs, or suchlike).  This is just a case of garbage in,
garbage out.

Marking the bug as an enhancement request, in case someone thinks sanity
checking dwarf attributes is worth the slowdown in normal use cases.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
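The unchecked read and the form check described in the comment, as an added illustration that is not binutils code: the `struct attribute` union below is modelled on the gdb output above, while `struct dwarf_block`, `high_pc_unchecked` and `high_pc_checked` are names assumed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* DWARF constants (values as defined by the DWARF standard). */
enum { DW_AT_low_pc = 0x11, DW_AT_high_pc = 0x12 };
enum { DW_FORM_addr = 0x01, DW_FORM_data2 = 0x05, DW_FORM_data4 = 0x06,
       DW_FORM_data8 = 0x07, DW_FORM_block = 0x09, DW_FORM_data1 = 0x0b,
       DW_FORM_sdata = 0x0d, DW_FORM_udata = 0x0f };

/* Constructed stand-ins for the reader's types; the union mirrors the
   layout printed by gdb above: str, blk, val and sval share storage. */
struct dwarf_block { size_t size; const unsigned char *data; };
struct attribute {
  unsigned name, form;
  union { const char *str; struct dwarf_block *blk; uint64_t val; int64_t sval; } u;
};

/* Unchecked read: whatever bytes the union currently holds come back as an
   integer, so a DW_FORM_block attribute yields the address of its block. */
uint64_t high_pc_unchecked(const struct attribute *attr) {
  return attr->u.val;
}

/* Form-checked read: DW_AT_high_pc is only valid in address and constant
   forms; any other form is rejected and *out is left untouched. */
bool high_pc_checked(const struct attribute *attr, uint64_t *out) {
  if (attr->name != DW_AT_high_pc) return false;
  switch (attr->form) {
    case DW_FORM_addr: case DW_FORM_data1: case DW_FORM_data2:
    case DW_FORM_data4: case DW_FORM_data8: case DW_FORM_udata:
      *out = attr->u.val;
      return true;
    case DW_FORM_sdata:
      *out = (uint64_t)attr->u.sval;
      return true;
    default:
      return false;   /* e.g. DW_FORM_block from a fuzzed object file */
  }
}
```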

