Date: Thu, 24 Aug 2023 11:26:49 +0200
From: Paul Iannetta
To: Alan Modra
Cc: binutils@sourceware.org
Subject: Re: [PATCH] kvx: fix kvx_reassemble_bundle index 8 out of bounds
Message-ID: <20230824092649.2gucfvnmswr362us@ws2202.lin.mbt.kalray.eu>

On Thu, Aug 24, 2023 at 06:38:25PM +0930, Alan Modra wrote:
> On Thu, Aug 24, 2023 at 10:49:06AM +0200, Paul Iannetta wrote:
> > On Thu, Aug 24, 2023 at 12:42:33PM +0930, Alan Modra wrote:
> > > On Wed, Aug 23, 2023 at 04:39:19PM +0200, Paul Iannetta via Binutils wrote:
> > > > As discussed earlier, I removed kvx_elf64_linux_vec, fix the handling of unique
> > > > symbols by using has_gnu_osabi instead of overwriting e_ident, change (unsigned)
> > > > long long into {u,}int64 and at some place int by int32_t.
> > >
> > > I've committed these for you. BTW, oss-fuzz is poking at the kvx
> > > support and finding holes. See pr30793.
> >
> > The attached patch should fix pr30793.
>
> decode_prologue_epilogue_bundle too?

Indeed, thanks. (Currently, this is dead code, because it is only used
by gdb which we have not contributed back yet).

>
> >
> > Thanks,
> > Paul
> >
> >
> > >From 03c35cf18fa689bc7d727c506d30c396244cb307 Mon Sep 17 00:00:00 2001
> > From: Paul Iannetta
> > Date: Thu, 24 Aug 2023 10:39:14 +0200
> > Subject: [PATCH] kvx: fix kvx_reassemble_bundle index 8 out of bounds
> >
> > opcodes/ChangeLog:
> >
> > 2023-08-24 Paul Iannetta
> >
> > * kvx-dis.c (print_insn_kvx): Change the loop condition so that
> > wordcount is always less than KVXMAXBUNDLEWORDS.
> > ---
> > opcodes/kvx-dis.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/opcodes/kvx-dis.c b/opcodes/kvx-dis.c
> > index e63430a9e57..a78eb5f84ec 100644
> > --- a/opcodes/kvx-dis.c
> > +++ b/opcodes/kvx-dis.c
> > @@ -1056,7 +1056,7 @@ print_insn_kvx (bfd_vma memaddr, struct disassemble_info *info) > > wordcount++; > > } > > while (kvx_has_parallel_bit (bundle_words[wordcount - 1]) > > - && wordcount < KVXMAXBUNDLEWORDS); > > + && wordcount < KVXMAXBUNDLEWORDS - 1); > > invalid_bundle = kvx_reassemble_bundle (wordcount, &insncount); > > } > > > > -- > > 2.35.1.500.gb896f729e2 > > > > > -- > Alan Modra > Australia Development Lab, IBM > > > > --secu_1b0da9a5db5b91540401acf5f11f5a50_part1 Content-Type: text/x-diff Content-Disposition: attachment; filename=0001-kvx-fix-kvx_reassemble_bundle-index-8-out-of-bounds.patch >From 73bb3fb50eb05cf57795e6a078c0758658519df3 Mon Sep 17 00:00:00 2001 From: Paul Iannetta Date: Thu, 24 Aug 2023 10:39:14 +0200 Subject: [PATCH] kvx: fix kvx_reassemble_bundle index 8 out of bounds opcodes/ChangeLog: 2023-08-24 Paul Iannetta * kvx-dis.c (print_insn_kvx): Change the loop condition so that wordcount is always less than KVXMAXBUNDLEWORDS. (decode_prologue_epilogue_bundle): Likewise. --- opcodes/kvx-dis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/opcodes/kvx-dis.c b/opcodes/kvx-dis.c index e63430a9e57..2a5aa1d6cde 100644 --- a/opcodes/kvx-dis.c +++ b/opcodes/kvx-dis.c @@ -1056,7 +1056,7 @@ print_insn_kvx (bfd_vma memaddr, struct disassemble_info *info) wordcount++; } while (kvx_has_parallel_bit (bundle_words[wordcount - 1]) - && wordcount < KVXMAXBUNDLEWORDS); + && wordcount < KVXMAXBUNDLEWORDS - 1); invalid_bundle = kvx_reassemble_bundle (wordcount, &insncount); } @@ -1237,7 +1237,7 @@ decode_prologue_epilogue_bundle (bfd_vma memaddr, nb_syl++; } while (kvx_has_parallel_bit (bundle_words[nb_syl - 1]) - && nb_syl < KVXMAXBUNDLEWORDS); + && nb_syl < KVXMAXBUNDLEWORDS - 1); if (kvx_reassemble_bundle (nb_syl, &nb_insn)) return -1; -- 2.35.1.500.gb896f729e2 --secu_1b0da9a5db5b91540401acf5f11f5a50_part1--
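
Review bot: in the print_insn_kvx hunk (@@ -1056), once the loop stops at `wordcount < KVXMAXBUNDLEWORDS - 1` the last fetched word can still have its parallel bit set, and the truncated bundle goes straight into `kvx_reassemble_bundle (wordcount, &insncount)`. Whether that unterminated bundle is reported as invalid then depends entirely on kvx_reassemble_bundle, which this patch does not touch. Suggest testing `kvx_has_parallel_bit (bundle_words[wordcount - 1])` after the loop and setting invalid_bundle directly when it is still set, and adding a one-line comment on why the limit is KVXMAXBUNDLEWORDS - 1, since the ChangeLog only says wordcount stays below KVXMAXBUNDLEWORDS.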
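
Review bot: the decode_prologue_epilogue_bundle hunk (@@ -1237) repeats the `KVXMAXBUNDLEWORDS - 1` bound from print_insn_kvx, so the invariant now lives in two callers while kvx_reassemble_bundle, where the subject line places the out-of-bounds index, still trusts the count it is given. Suggest a range check on that count at the top of kvx_reassemble_bundle, returning the failure that already leads to `return -1` here, so any later caller is covered as well. Moving the fetch loop into one shared helper would also keep the two bounds from drifting apart.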