bug-binutils

Re: Report UBSan integer overflow bugs found by automatic tools


From: Alan Modra
Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Fri, 30 Jul 2021 15:38:04 +0930

On Thu, Jul 29, 2021 at 03:09:40PM +0000, He  Jingxuan wrote:
> Dear Alan,
> 
> Thanks for your information!
> 
> UBSan indeed has an option to turn on complaints about unsigned integer 
> overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow 
> has caused bugs in binutils that were fixed (see 
> https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
> 
> Based on our inspection, most bugs reported by us result in wrong offsets or 
> addresses. The *.err files provide exact bug location and bug triggering 
> values, which can be used to quickly decide if the bugs are true or false 
> positives. Could you please take a deeper look into the bugs?

../../libiberty/argv.c:478:27: runtime error: unsigned integer overflow: 0 - 1 
cannot be represented in type 'unsigned long'
../../libiberty/argv.c:478:14: runtime error: unsigned integer overflow: 3 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/bfdio.c:397:14: runtime error: unsigned integer overflow: 24 + 
18446744073709551600 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elfcore.h:233:43: runtime error: unsigned integer overflow: 
18446744073709537336 + 14280 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:1921:56: runtime error: unsigned integer overflow: 0 - 1 
cannot be represented in type 'unsigned long'

A bug.  Lack of sanity checking.

../../bfd/coffcode.h:2601:27: runtime error: unsigned integer overflow: 
18446744073265032094 + 444596226 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:4392:43: runtime error: unsigned integer overflow: 0 - 
335544324 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffcode.h:5079:26: runtime error: unsigned integer overflow: 76704 - 
4294967295 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffgen.c:1192:27: runtime error: unsigned integer overflow: 
18446744073709490606 + 61235 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/coffgen.c:1676:38: runtime error: unsigned integer overflow: 
18446744071562069503 * 18 cannot be represented in type 'unsigned long'
../../bfd/coffgen.c:1676:7: runtime error: unsigned integer overflow: 32799 + 
18446744073709551598 cannot be represented in type 'unsigned long'

Lack of sanity checking again.

../../bfd/coffgen.c:1988:30: runtime error: unsigned integer overflow: 
4294967295 + 1 cannot be represented in type 'unsigned int'

A bug.

../../bfd/elf.c:12069:41: runtime error: unsigned integer overflow: 
18446744073709551604 + 32 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:12077:41: runtime error: unsigned integer overflow: 
18446744073709551600 + 64 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:12062:56: runtime error: unsigned integer overflow: 
18446744073709551580 + 64 cannot be represented in type 'unsigned long'

Not a bug.

peXXigen.c:561:26: runtime error: unsigned integer overflow: 4294967295 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

peXXigen.c:569:31: runtime error: unsigned integer overflow: 4294967295 + 
18446744073709551615 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5543:36: runtime error: unsigned integer overflow: 16777216 + 
18446744073709289469 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5715:20: runtime error: unsigned integer overflow: 128 - 
2147483724 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5717:15: runtime error: unsigned integer overflow: 0 - 1996 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5789:32: runtime error: unsigned integer overflow: 
18446744073709549620 + 1996 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:5791:33: runtime error: unsigned integer overflow: 262147 - 
294915 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:6289:10: runtime error: unsigned integer overflow: 
18446744073709551594 + 22 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7265:10: runtime error: unsigned integer overflow: 0 - 22 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7285:21: runtime error: unsigned integer overflow: 22 - 64 
cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7299:21: runtime error: unsigned integer overflow: 0 - 7 cannot 
be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7449:4: runtime error: unsigned integer overflow: 0 - 32 cannot 
be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7614:32: runtime error: unsigned integer overflow: 0 - 
134217728 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/elf.c:7615:32: runtime error: unsigned integer overflow: 0 - 
335544322 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/tekhex.c:496:34: runtime error: unsigned integer overflow: 17476 - 
13421772 cannot be represented in type 'unsigned long'

Not a bug.

../../bfd/tekhex.c:544:33: runtime error: unsigned integer overflow: 0 - 5 
cannot be represented in type 'unsigned int'

Not a bug.

../../bfd/tekhex.c:893:37: runtime error: unsigned integer overflow: 
18445843353784078336 + 900719925474099 cannot be represented in type 'unsigned 
long'

Not a bug.

../../binutils/readelf.c:21264:2: runtime error: unsigned integer overflow: 
18446744073709551615 + 1 cannot be represented in type 'unsigned long'

A bug.

../../binutils/readelf.c:17095:45: runtime error: unsigned integer overflow: 0 
- 32752 cannot be represented in type 'unsigned long'

Not a bug.

../../binutils/readelf.c:5586:13: runtime error: unsigned integer overflow: 
4226819 - 1785358848 cannot be represented in type 'unsigned long'

Not a bug.

../../binutils/readelf.c:5586:28: runtime error: unsigned integer overflow: 
18446744073178963944 + 536870912 cannot be represented in type 'unsigned long'

Not a bug.

../../binutils/readelf.c:9312:17: runtime error: unsigned integer overflow: 
18446744073709421054 + 4294967299 cannot be represented in type 'unsigned long'

Not a bug.

I'll be committing a few fixes for the real bugs you found.

-- 
Alan Modra
Australia Development Lab, IBM
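Worked illustration, added here and not code from binutils or from either poster, of the two kinds of report Alan separates above: a wrap-around in size arithmetic on attacker-controlled header fields that defeats a bounds check ("a bug, lack of sanity checking"), shown beside the checked version, and a displacement computed in modular unsigned arithmetic where the intermediate wrap is intended ("not a bug"). The 12-byte header layout, the field names and the sample bytes are invented for the example; the overflow-checking builtins assume GCC 5+ or Clang.

```c
/* Added illustration, not binutils code: the two kinds of UBSan
 * -fsanitize=unsigned-integer-overflow report discussed in the reply.
 * The header layout, field names and sample bytes are invented for the
 * example.  Needs GCC >= 5 or Clang for __builtin_*_overflow. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed on-disk table header: three little-endian 32-bit fields. */
struct table_hdr {
  uint32_t count;       /* number of entries */
  uint32_t entry_size;  /* bytes per entry */
  uint32_t offset;      /* file offset of the first entry */
};

static uint32_t get32(const uint8_t *p)
{
  return (uint32_t)p[0] | (uint32_t)p[1] << 8
       | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse the 12-byte header; false if the buffer is too short. */
bool parse_hdr(const uint8_t *buf, size_t len, struct table_hdr *h)
{
  if (len < 12)
    return false;
  h->count = get32(buf);
  h->entry_size = get32(buf + 4);
  h->offset = get32(buf + 8);
  return true;
}

/* "A bug.  Lack of sanity checking": size and end offset come from
 * attacker-controlled fields.  A wrap such as 4294967295 + 1 in
 * 'unsigned int' makes a huge table look tiny, the bounds check passes,
 * and later reads of the table run past the file buffer. */
bool table_fits_unchecked(const struct table_hdr *h, uint32_t file_size)
{
  uint32_t bytes = h->count * h->entry_size; /* UBSan: unsigned overflow */
  uint32_t end = h->offset + bytes;          /* UBSan: unsigned overflow */
  return end <= file_size;
}

/* Fixed: reject any header whose size arithmetic would wrap. */
bool table_fits_checked(const struct table_hdr *h, uint32_t file_size)
{
  uint32_t bytes, end;
  if (__builtin_mul_overflow(h->count, h->entry_size, &bytes))
    return false;
  if (__builtin_add_overflow(h->offset, bytes, &end))
    return false;
  return end <= file_size;
}

/* "Not a bug": a displacement in unsigned arithmetic.  When new_base is
 * below old_base the subtraction wraps (UBSan reports e.g. 0 - 22) and
 * the later addition wraps back (e.g. ...551594 + 22); the result is
 * exact modulo 2^64 and the wrapped intermediate never escapes. */
uint64_t rebase(uint64_t addr, uint64_t old_base, uint64_t new_base)
{
  uint64_t delta = new_base - old_base; /* may wrap: intended */
  return addr + delta;                  /* wraps back: intended */
}

int main(void)
{
  /* Constructed header: count = 0x40000000, entry_size = 4, offset = 16.
   * count * entry_size is exactly 2^32, which wraps to 0. */
  static const uint8_t crafted[12] = {
    0x00, 0x00, 0x00, 0x40,  0x04, 0x00, 0x00, 0x00,  0x10, 0x00, 0x00, 0x00 };
  struct table_hdr h;
  if (!parse_hdr(crafted, sizeof crafted, &h))
    return 1;
  printf("unchecked: %s\n", table_fits_unchecked(&h, 64) ? "fits" : "rejected");
  printf("checked:   %s\n", table_fits_checked(&h, 64) ? "fits" : "rejected");
  printf("rebase: %llu\n", (unsigned long long)rebase(4096, 4096, 4074));
  return 0;
}
```

Compiled with -fsanitize=unsigned-integer-overflow, both the unchecked check and rebase() produce reports on the crafted input; only the first one is a bug, because only there does the wrapped value decide a bounds check. That is the triage question the *.err files answer: follow the wrapped value to where it is consumed.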


