Re: Report UBSan integer overflow bugs found by automatic tools
From: Alan Modra
Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Fri, 30 Jul 2021 15:38:04 +0930
On Thu, Jul 29, 2021 at 03:09:40PM +0000, He Jingxuan wrote:
> Dear Alan,
>
> Thanks for your information!
>
> UBSan indeed has an option to turn on complaints about unsigned integer
> overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow
> has caused bugs in binutils that were fixed (see
> https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
>
> Based on our inspection, most bugs reported by us result in wrong offsets or
> addresses. The *.err files provide exact bug location and bug triggering
> values, which can be used to quickly decide if the bugs are true or false
> positives. Could you please take a deeper look into the bugs?
../../libiberty/argv.c:478:27: runtime error: unsigned integer overflow: 0 - 1
cannot be represented in type 'unsigned long'
../../libiberty/argv.c:478:14: runtime error: unsigned integer overflow: 3 +
18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/bfdio.c:397:14: runtime error: unsigned integer overflow: 24 +
18446744073709551600 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elfcore.h:233:43: runtime error: unsigned integer overflow:
18446744073709537336 + 14280 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/coffcode.h:1921:56: runtime error: unsigned integer overflow: 0 - 1
cannot be represented in type 'unsigned long'
A bug. Lack of sanity checking.
../../bfd/coffcode.h:2601:27: runtime error: unsigned integer overflow:
18446744073265032094 + 444596226 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/coffcode.h:4392:43: runtime error: unsigned integer overflow: 0 -
335544324 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/coffcode.h:5079:26: runtime error: unsigned integer overflow: 76704 -
4294967295 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/coffgen.c:1192:27: runtime error: unsigned integer overflow:
18446744073709490606 + 61235 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/coffgen.c:1676:38: runtime error: unsigned integer overflow:
18446744071562069503 * 18 cannot be represented in type 'unsigned long'
../../bfd/coffgen.c:1676:7: runtime error: unsigned integer overflow: 32799 +
18446744073709551598 cannot be represented in type 'unsigned long'
Lack of sanity checking again.
../../bfd/coffgen.c:1988:30: runtime error: unsigned integer overflow:
4294967295 + 1 cannot be represented in type 'unsigned int'
A bug.
../../bfd/elf.c:12069:41: runtime error: unsigned integer overflow:
18446744073709551604 + 32 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:12077:41: runtime error: unsigned integer overflow:
18446744073709551600 + 64 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:12062:56: runtime error: unsigned integer overflow:
18446744073709551580 + 64 cannot be represented in type 'unsigned long'
Not a bug.
peXXigen.c:561:26: runtime error: unsigned integer overflow: 4294967295 +
18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.
peXXigen.c:569:31: runtime error: unsigned integer overflow: 4294967295 +
18446744073709551615 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:5543:36: runtime error: unsigned integer overflow: 16777216 +
18446744073709289469 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:5715:20: runtime error: unsigned integer overflow: 128 -
2147483724 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:5717:15: runtime error: unsigned integer overflow: 0 - 1996
cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:5789:32: runtime error: unsigned integer overflow:
18446744073709549620 + 1996 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:5791:33: runtime error: unsigned integer overflow: 262147 -
294915 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:6289:10: runtime error: unsigned integer overflow:
18446744073709551594 + 22 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7265:10: runtime error: unsigned integer overflow: 0 - 22
cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7285:21: runtime error: unsigned integer overflow: 22 - 64
cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7299:21: runtime error: unsigned integer overflow: 0 - 7 cannot
be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7449:4: runtime error: unsigned integer overflow: 0 - 32 cannot
be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7614:32: runtime error: unsigned integer overflow: 0 -
134217728 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/elf.c:7615:32: runtime error: unsigned integer overflow: 0 -
335544322 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/tekhex.c:496:34: runtime error: unsigned integer overflow: 17476 -
13421772 cannot be represented in type 'unsigned long'
Not a bug.
../../bfd/tekhex.c:544:33: runtime error: unsigned integer overflow: 0 - 5
cannot be represented in type 'unsigned int'
Not a bug.
../../bfd/tekhex.c:893:37: runtime error: unsigned integer overflow:
18445843353784078336 + 900719925474099 cannot be represented in type 'unsigned
long'
Not a bug.
../../binutils/readelf.c:21264:2: runtime error: unsigned integer overflow:
18446744073709551615 + 1 cannot be represented in type 'unsigned long'
A bug.
../../binutils/readelf.c:17095:45: runtime error: unsigned integer overflow: 0
- 32752 cannot be represented in type 'unsigned long'
Not a bug.
../../binutils/readelf.c:5586:13: runtime error: unsigned integer overflow:
4226819 - 1785358848 cannot be represented in type 'unsigned long'
Not a bug.
../../binutils/readelf.c:5586:28: runtime error: unsigned integer overflow:
18446744073178963944 + 536870912 cannot be represented in type 'unsigned long'
Not a bug.
../../binutils/readelf.c:9312:17: runtime error: unsigned integer overflow:
18446744073709421054 + 4294967299 cannot be represented in type 'unsigned long'
Not a bug.
I'll be committing a few fixes for the real bugs you found.
--
Alan Modra
Australia Development Lab, IBM
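The verdicts above fall into two groups: wraps that are intended modular arithmetic and wraps that expose a missing sanity check. The C below is an added illustration, not code from this thread or from bfd/binutils, that puts one constructed instance of each side by side: an alignment helper and a subtract-then-add round trip whose wraps are harmless, and a file-supplied count times element size that wraps past a length comparison, next to the checked form that rejects it. All function names, the `file_buf` type and the sample numbers are constructed for the example.

```c
/* Added example, not code from the binutils thread or from bfd/binutils:
   it separates the two kinds of UBSan unsigned-overflow report seen in the
   mail.  Unsigned wrap is defined behaviour in C, so the report alone
   decides nothing; the question is whether the wrapped value is later
   trusted.  All function names and the sample file layout are constructed. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ULONG_BITS (sizeof(unsigned long) * CHAR_BIT)

/* "Not a bug": round size up to a power-of-two alignment.  With size 0 the
   intermediate size + align - 1 wraps, and 0 - align always wraps, which is
   exactly the shape of the "0 - 1" and "x + 18446744073709551615" reports;
   the result is still correct because the arithmetic is modular. */
unsigned long align_up(unsigned long size, unsigned long align)
{
  return (size + align - 1) & (0 - align);
}

/* "Not a bug": a difference that goes negative is added back later.
   (a - b) + b wraps twice and lands exactly on a. */
unsigned long subtract_then_add(unsigned long a, unsigned long b)
{
  unsigned long diff = a - b;  /* wraps when b > a */
  return diff + b;             /* wraps back to a */
}

/* Constructed stand-in for a parsed object file: just its length. */
struct file_buf {
  size_t len;
};

/* "A bug": an element count and element size taken from the file are
   multiplied without a check.  The product wraps to a small number, the
   length comparison passes, and a caller then reads `count` elements past
   the end of the buffer.  The sanitizer report is only the symptom; the
   defect is the missing sanity check. */
bool table_size_unchecked(const struct file_buf *f, unsigned long count,
                          unsigned long elem_size, size_t *bytes_out)
{
  unsigned long bytes = count * elem_size;  /* may wrap */
  if (bytes > f->len)
    return false;
  *bytes_out = bytes;
  return true;
}

/* Hardened form: refuse the wrap before the product is compared or used.
   The division test is portable C; __builtin_mul_overflow does the same. */
bool table_size_checked(const struct file_buf *f, unsigned long count,
                        unsigned long elem_size, size_t *bytes_out)
{
  if (elem_size != 0 && count > ULONG_MAX / elem_size)
    return false;  /* count * elem_size would wrap */
  unsigned long bytes = count * elem_size;
  if (bytes > f->len)
    return false;
  *bytes_out = bytes;
  return true;
}

/* Triage harness: 16 * (2^(bits-4) + 1) = 2^bits + 16, which wraps to 16
   and slips under a 64-byte limit.  Returns true when the unchecked path
   accepts the bogus count (the bug) and the checked path rejects it. */
bool wrapped_count_demo(void)
{
  struct file_buf f = { 64 };
  unsigned long count = ((unsigned long) 1 << (ULONG_BITS - 4)) + 1;
  unsigned long elem_size = 16;
  size_t bytes = 0;
  bool unchecked_ok = table_size_unchecked(&f, count, elem_size, &bytes);
  bool checked_ok = table_size_checked(&f, count, elem_size, &bytes);
  return unchecked_ok && bytes == 16 && !checked_ok;
}

int main(void)
{
  printf("align_up(17, 16) = %lu\n", align_up(17, 16));
  printf("wrapped count: %s\n",
         wrapped_count_demo() ? "unchecked path accepts, checked path rejects"
                              : "unexpected result");
  return wrapped_count_demo() ? 0 : 1;
}
```

Compiled with `-fsanitize=unsigned-integer-overflow`, every one of these functions trips a report; only `table_size_unchecked` is a defect, which is why the mail judges each report by the code around it rather than by the sanitizer line itself.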