From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1062)
 id ACC513856947; Sat,  6 Aug 2022 09:13:43 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org ACC513856947
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Alan Modra <amodra@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] ubsan: som.c undefined shift in som_set_reloc_info
X-Act-Checkin: binutils-gdb
X-Git-Author: Alan Modra <amodra@gmail.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 9663a947c09f63f75491dd4ad2f38fb448142240
X-Git-Newrev: 77b38f6db98e046232ecaac11b61c453965fb75a
Message-Id: <20220806091343.ACC513856947@sourceware.org>
Date: Sat,  6 Aug 2022 09:13:43 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils-cvs mailing list <binutils-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils-cvs/>
List-Help: <mailto:binutils-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2022 09:13:43 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D77b38f6db98e=
046232ecaac11b61c453965fb75a

commit 77b38f6db98e046232ecaac11b61c453965fb75a
Author: Alan Modra <amodra@gmail.com>
Date:   Sat Aug 6 10:34:04 2022 +0930

    ubsan: som.c undefined shift in som_set_reloc_info
   =20
    Do the shift using unsigned variables to avoid UB on << 8.
   =20
            * som.c (som_set_reloc_info): Make v unsigned.  Localise some
            variables to their blocks.

Diff:
---
 bfd/som.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/bfd/som.c b/bfd/som.c
index 90928b7641d..d33ad67561a 100644
--- a/bfd/som.c
+++ b/bfd/som.c
@@ -4941,13 +4941,9 @@ som_set_reloc_info (unsigned char *fixup,
 		    unsigned int symcount,
 		    bool just_count)
 {
-  unsigned int op, varname, deallocate_contents =3D 0;
+  unsigned int deallocate_contents =3D 0;
   unsigned char *end_fixups =3D &fixup[end];
-  const struct fixup_format *fp;
-  const char *cp;
-  unsigned char *save_fixup;
-  int variables[26], stack[20], c, v, count, prev_fixup, *sp, saved_unwind=
_bits;
-  const int *subop;
+  int variables[26], stack[20], count, prev_fixup, *sp, saved_unwind_bits;
   arelent *rptr =3D internal_relocs;
   unsigned int offset =3D 0;
=20
@@ -4966,10 +4962,14 @@ som_set_reloc_info (unsigned char *fixup,
=20
   while (fixup < end_fixups)
     {
+      const char *cp;
+      unsigned int op;
+      const struct fixup_format *fp;
+
       /* Save pointer to the start of this fixup.  We'll use
 	 it later to determine if it is necessary to put this fixup
 	 on the queue.  */
-      save_fixup =3D fixup;
+      unsigned char *save_fixup =3D fixup;
=20
       /* Get the fixup code and its associated format.  */
       op =3D *fixup++;
@@ -5015,11 +5015,15 @@ som_set_reloc_info (unsigned char *fixup,
       while (*cp)
 	{
 	  /* The variable this pass is going to compute a value for.  */
-	  varname =3D *cp++;
+	  unsigned int varname =3D *cp++;
+	  const int *subop;
+	  int c;
=20
 	  /* Start processing RHS.  Continue until a NULL or '=3D' is found.  */
 	  do
 	    {
+	      unsigned v;
+
 	      c =3D *cp++;
=20
 	      /* If this is a variable, push it on the stack.  */