From: Nick Alcock
To: binutils@sourceware.org
Subject: [PATCH 5/8] libctf: don't dereference out-of-bounds locations in the qualifier hashtab
Date: Wed, 24 Mar 2021 01:21:55 +0000
Message-Id: <20210324012158.35472-5-nick.alcock@oracle.com>
In-Reply-To: <20210324012158.35472-1-nick.alcock@oracle.com>

isqualifier, which is used by ctf_lookup_by_name to figure out if a given word in a type name is a qualifier, takes the address of a possibly out-of-bounds location before checking its bounds. In any reasonable compiler this will just lead to a harmless address computation that is then discarded if out-of-bounds, but it's still undefined behaviour and the sanitizer rightly complains.

libctf/ChangeLog
2021-03-23 Nick Alcock

PR libctf/27628
* ctf-lookup.c (isqualifier): Don't dereference out-of-bounds qhash values.

--- libctf/ctf-lookup.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libctf/ctf-lookup.c b/libctf/ctf-lookup.c index 9d1e6d8a4a2..e50c868c5b8 100644 --- a/libctf/ctf-lookup.c +++ b/libctf/ctf-lookup.c @@ -111,10 +111,13 @@ isqualifier (const char *s, size_t len) }; int h = s[len - 1] + (int) len - 105; + + if (h < 0 || (size_t) h >= sizeof (qhash) / sizeof (qhash[0])) + return 0; + const struct qual *qp = &qhash[h]; - return (h >= 0 && (size_t) h < sizeof (qhash) / sizeof (qhash[0]) - && (size_t) len == qp->q_len && + return ((size_t) len == qp->q_len && strncmp (qp->q_name, s, qp->q_len) == 0); } -- 2.31.0.253.gdec51257f3
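Review bot: the context line `int h = s[len - 1] + (int) len - 105;` still reads `s[len - 1]` before anything constrains `len`, so the new range check on `h` protects the `qhash` index but not the input buffer: with `len == 0` the subscript wraps to `(size_t) -1` and the read lands one byte before `s`. Either return 0 for a zero length before computing `h`, or add a comment stating that ctf_lookup_by_name never passes an empty word. Two smaller points on the same hunk: `len` is already a `size_t`, so the `(size_t) len` cast kept in the return expression is redundant, and the ChangeLog entry says "dereference" while the commit message describes an out-of-bounds address computation (the old code's `qp->q_len` access was guarded by the short-circuit), so the entry would be more accurate if it said the address is no longer formed before the bounds check.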