From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by sourceware.org (Postfix) with ESMTPS id 24745395147A for ; Mon, 31 Aug 2020 10:53:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 24745395147A Received: by mail-pf1-x429.google.com with SMTP id f18so365101pfa.10 for ; Mon, 31 Aug 2020 03:53:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=ISyErJtccOn8ePyKJDEYYPqRLZrbojLH6J2mJUVBZ+Y=; b=neh3zZOADVyiov0yz8a1DK91XFvDexDfFgM4WsqcCQmJxk4UxH01s2j8vxoOyN7zjO iVSeBy8fApnW2U1H/kRlrxF5pm3HCqCTA4mBw4t/Q0fEjfTWqlwgqqs4a+Bi3Q/YG6BJ J63DXcdYazfZb+Kdh4FuGeG+bWxdZPndVBhEKaTnocquv8Q3jKdkOQw46F3LluwdyaZa JR4+/4kb5Y6NYXgN60Y1KpWkOkiH/4QQ3O4ovEko5jZHBrm5wVyIs4mF4aRvK48qsTsy jDFvk1DVz3iN3ZOZ7qM9Ezk0HgsQ03vpzXNKPWpy+A6SDMThTQj29/VDzgy+UmETyfrc 97rw== X-Gm-Message-State: AOAM532oINyFAqzOvRxXWnSU5Rvsk1Lzzxpe33JWoEg8ikIRY2zNrP9u a2WEtpy3sboTs+2k4PsqdjNvr3kQyxiAIg== X-Google-Smtp-Source: ABdhPJz1X2l10VK+gjK7vnlKRpPQPTvdO+d99L10ZTkNA1MsoDJHoxS/zToDuya3+KfAn44teFC/BA== X-Received: by 2002:a62:19cd:: with SMTP id 196mr823335pfz.143.1598871215901; Mon, 31 Aug 2020 03:53:35 -0700 (PDT) Received: from bubble.grove.modra.org ([2406:3400:51d:8cc0:c543:706:99a3:1068]) by smtp.gmail.com with ESMTPSA id 25sm7471180pfj.73.2020.08.31.03.53.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 03:53:35 -0700 (PDT) From: Alan Modra To: binutils@sourceware.org Subject: PR26466 UBSAN: elf32-mep.c:300 left shift of negative value Date: Mon, 31 Aug 2020 20:20:28 +0930 Message-Id: <20200831105041.29238-9-amodra@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: binutils@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binutils mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Aug 2020 10:53:38 -0000 PR 26466 * mep-relocs.pl (emit_apply): Handle HI16S adjustment. Use "u" variable and rewrite signed overflow check. * elf32-mep.c: Regenerate. (mep_final_link_relocate): Delete "s". diff --git a/bfd/elf32-mep.c b/bfd/elf32-mep.c index c5775de649..ef8c10049e 100644 --- a/bfd/elf32-mep.c +++ b/bfd/elf32-mep.c @@ -221,7 +221,6 @@ mep_final_link_relocate bfd_vma relocation) { unsigned long u; - long s; unsigned char *byte; bfd_vma pc; bfd_reloc_status_type r = bfd_reloc_ok; @@ -242,12 +241,12 @@ mep_final_link_relocate + input_section->output_offset + rel->r_offset); - s = relocation + rel->r_addend; + u = relocation + rel->r_addend; byte = (unsigned char *)contents + rel->r_offset; if (howto->type == R_MEP_PCREL24A2 - && s == 0 + && u == 0 && pc >= 0x800000) { /* This is an unreachable branch to an undefined weak function. @@ -257,9 +256,7 @@ mep_final_link_relocate } if (howto->pc_relative) - s -= pc; - - u = (unsigned long) s; + u -= pc; switch (howto->type) { @@ -281,25 +278,25 @@ mep_final_link_relocate byte[3^e4] = (u & 0xff); break; case R_MEP_PCREL8A2: /* --------7654321- */ - if (-128 > s || s > 127) r = bfd_reloc_overflow; - byte[1^e2] = (byte[1^e2] & 0x01) | (s & 0xfe); + if (u + 128 > 255) r = bfd_reloc_overflow; + byte[1^e2] = (byte[1^e2] & 0x01) | (u & 0xfe); break; case R_MEP_PCREL12A2: /* ----ba987654321- */ - if (-2048 > s || s > 2047) r = bfd_reloc_overflow; - byte[0^e2] = (byte[0^e2] & 0xf0) | ((s >> 8) & 0x0f); - byte[1^e2] = (byte[1^e2] & 0x01) | (s & 0xfe); + if (u + 2048 > 4095) r = bfd_reloc_overflow; + byte[0^e2] = (byte[0^e2] & 0xf0) | ((u >> 8) & 0x0f); + byte[1^e2] = (byte[1^e2] & 0x01) | (u & 0xfe); break; case R_MEP_PCREL17A2: /* ----------------gfedcba987654321 */ - if (-65536 > s || s > 65535) r = bfd_reloc_overflow; - byte[2^e2] = ((s >> 9) & 0xff); - byte[3^e2] = ((s >> 1) & 0xff); + if (u + 65536 > 131071) r = bfd_reloc_overflow; + byte[2^e2] = ((u >> 9) & 0xff); + byte[3^e2] = ((u >> 1) & 0xff); break; case R_MEP_PCREL24A2: /* -----7654321----nmlkjihgfedcba98 */ - if (-8388608 > s || s > 8388607) r = bfd_reloc_overflow; - byte[0^e2] = (byte[0^e2] & 0xf8) | ((s >> 5) & 0x07); - byte[1^e2] = (byte[1^e2] & 0x0f) | ((s << 3) & 0xf0); - byte[2^e2] = ((s >> 16) & 0xff); - byte[3^e2] = ((s >> 8) & 0xff); + if (u + 8388608 > 16777215) r = bfd_reloc_overflow; + byte[0^e2] = (byte[0^e2] & 0xf8) | ((u >> 5) & 0x07); + byte[1^e2] = (byte[1^e2] & 0x0f) | ((u << 3) & 0xf0); + byte[2^e2] = ((u >> 16) & 0xff); + byte[3^e2] = ((u >> 8) & 0xff); break; case R_MEP_PCABS24A2: /* -----7654321----nmlkjihgfedcba98 */ if (u > 16777215) r = bfd_reloc_overflow; @@ -317,22 +314,21 @@ mep_final_link_relocate byte[3^e2] = ((u >> 16) & 0xff); break; case R_MEP_HI16S: /* ----------------vutsrqponmlkjihg */ - if (s & 0x8000) - s += 0x10000; - byte[2^e2] = ((s >> 24) & 0xff); - byte[3^e2] = ((s >> 16) & 0xff); + u += 0x8000; + byte[2^e2] = ((u >> 24) & 0xff); + byte[3^e2] = ((u >> 16) & 0xff); break; case R_MEP_GPREL: /* ----------------fedcba9876543210 */ - s -= mep_sdaoff_base(rel->r_offset); - if (-32768 > s || s > 32767) r = bfd_reloc_overflow; - byte[2^e2] = ((s >> 8) & 0xff); - byte[3^e2] = (s & 0xff); + u -= mep_sdaoff_base(rel->r_offset); + if (u + 32768 > 65535) r = bfd_reloc_overflow; + byte[2^e2] = ((u >> 8) & 0xff); + byte[3^e2] = (u & 0xff); break; case R_MEP_TPREL: /* ----------------fedcba9876543210 */ - s -= mep_tpoff_base(rel->r_offset); - if (-32768 > s || s > 32767) r = bfd_reloc_overflow; - byte[2^e2] = ((s >> 8) & 0xff); - byte[3^e2] = (s & 0xff); + u -= mep_tpoff_base(rel->r_offset); + if (u + 32768 > 65535) r = bfd_reloc_overflow; + byte[2^e2] = ((u >> 8) & 0xff); + byte[3^e2] = (u & 0xff); break; case R_MEP_TPREL7: /* ---------6543210 */ u -= mep_tpoff_base(rel->r_offset); diff --git a/bfd/mep-relocs.pl b/bfd/mep-relocs.pl index 599ff6436a..544ee012a7 100755 --- a/bfd/mep-relocs.pl +++ b/bfd/mep-relocs.pl @@ -156,20 +156,23 @@ sub emit_apply { $e = '^e4' # endian swap for data } print NEW " case R_MEP_$relocs[$i]: /* $pattern[$i] */\n"; + if ($relocs[$i] =~ /HI16S/) { + print NEW " u += 0x8000;\n" + } if ($attrs[$i] =~ /tp-rel/i) { - print NEW " $v -= mep_tpoff_base(rel->r_offset);\n"; + print NEW " u -= mep_tpoff_base(rel->r_offset);\n"; } if ($attrs[$i] =~ /gp-rel/i) { - print NEW " $v -= mep_sdaoff_base(rel->r_offset);\n"; + print NEW " u -= mep_sdaoff_base(rel->r_offset);\n"; } if ($attrs[$i] !~ /no-overflow/ && $bits[$i] < 32) { if ($v eq "u") { $max = (1 << $bits[$i]) - 1; print NEW " if (u > $max) r = bfd_reloc_overflow;\n"; } else { - $min = -(1 << ($bits[$i]-1)); - $max = (1 << ($bits[$i]-1)) - 1; - print NEW " if ($min > s || s > $max) r = bfd_reloc_overflow;\n"; + $min = (1 << ($bits[$i]-1)); + $max = (1 << ($bits[$i])) - 1; + print NEW " if (u + $min > $max) r = bfd_reloc_overflow;\n"; } } for ($b=0; $b> $right) & 0x$mask)"; + print NEW "((u >> $right) & 0x$mask)"; } else { - print NEW "($v & 0x$mask)"; + print NEW "(u & 0x$mask)"; } print NEW ";\n"; }