bug-binutils

Re: Report UBSan integer overflow bugs found by automatic tools


From: He Jingxuan
Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Thu, 29 Jul 2021 15:09:40 +0000

Dear Alan,

Thanks for your information!

UBSan indeed has an option to turn on complaints about unsigned integer overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow has caused bugs in binutils that were fixed (see https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).

Based on our inspection, most bugs reported by us result in wrong offsets or addresses. The *.err files provide the exact bug location and the bug-triggering values, which can be used to quickly decide whether the bugs are true or false positives. Could you please take a deeper look into the bugs?

For example, objcopy02.err shows that the bug happens at line 397 of file bfd/bfdio.c, which causes the bfd file (variable abfd) to point to a wrong position (abfd->where overflows):

int
bfd_seek (bfd *abfd, file_ptr position, int direction)
{
...
        abfd->where += position; // line 397
...
}

Best,
Jingxuan

On 29 Jul 2021, at 16:07, Alan Modra <amodra@gmail.com> wrote:

On Thu, Jul 29, 2021 at 08:25:37AM +0000, He Jingxuan wrote:
Dear binutils developers,

How is it going with analyzing and fixing these bugs? Any feedback?

See https://lists.gnu.org/archive/html/bug-binutils/2021-06/msg00149.html
Your email was flagged as being malware and not delivered to anyone.

I see all of these reports are unsigned integer overflow, which is an
odd thing for ubsan to complain about.  Overflow of unsigned integers
is not undefined behaviour!

--
Alan Modra
Australia Development Lab, IBM
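
The wrap-around discussed in this thread, shown as an added C example (not binutils' own code) beside a checked variant: the unchecked form mirrors the `abfd->where += position` pattern, where unsigned wrapping is well-defined and so is not undefined behaviour, yet still yields a wrong file offset; the `toy_bfd` struct and its field types are assumptions modelled on bfd's `file_ptr`/`ufile_ptr`.

```c
#include <stdbool.h>
#include <stdint.h>

/* Minimal stand-in for the BFD fields involved. Assumption: types follow
   binutils' file_ptr (signed 64-bit) and ufile_ptr (unsigned 64-bit). */
typedef int64_t file_ptr;
typedef uint64_t ufile_ptr;

struct toy_bfd {
    ufile_ptr where;   /* current file position */
    ufile_ptr size;    /* file size, used as an upper bound for seeks */
};

/* Unchecked form: same shape as the reported `abfd->where += position`.
   Wrapping an unsigned value is well-defined C, so UBSan is silent unless
   built with -fsanitize=unsigned-integer-overflow, but the offset is wrong. */
ufile_ptr seek_unchecked(struct toy_bfd *abfd, file_ptr position)
{
    abfd->where += (ufile_ptr)position;
    return abfd->where;
}

/* Checked form: reject a relative seek whose result would wrap around or
   fall outside [0, size]. On failure abfd->where is left unchanged. */
bool seek_checked(struct toy_bfd *abfd, file_ptr position)
{
    ufile_ptr target;

    if (position >= 0) {
        /* Forward seek: detect unsigned wrap-around in the addition. */
        if (__builtin_add_overflow(abfd->where, (ufile_ptr)position, &target))
            return false;
    } else {
        /* Backward seek: compute |position| without overflowing INT64_MIN,
           then refuse to move before the start of the file. */
        ufile_ptr back = (ufile_ptr)0 - (ufile_ptr)position;
        if (back > abfd->where)
            return false;
        target = abfd->where - back;
    }

    if (target > abfd->size)
        return false;

    abfd->where = target;
    return true;
}
```

Building the block with -fsanitize=unsigned-integer-overflow makes UBSan report the wrap inside seek_unchecked, which is the option the reports rely on.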
