public inbox for binutils@sourceware.org
From: Andrew Burgess <aburgess@redhat.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: binutils@sourceware.org, Alan Modra <amodra@gmail.com>
Subject: Re: [PATCH] bfd: make _bfd_section_size_insane part of the public API
Date: Wed, 06 Mar 2024 11:17:09 +0000
Message-ID: <874jdjboei.fsf@redhat.com>
In-Reply-To: <a1602ed4-8328-4c4a-a5db-2121d29e6683@suse.com>

Jan Beulich <jbeulich@suse.com> writes:

> On 10.01.2024 17:20, Andrew Burgess wrote:
>> We're talking about the same _bfd_section_size_insane in bfd/section.c,
>> right?
>> 
>> I don't see any arbitrary limit in there.  If there is such a limit then
>> it's buried within all the very non-arbitrary sanity checks.
>> 
>> This function isn't answering: "is this section larger than X", it is
>> instead answering: "can this section possibly be read from this file".
>
> Hmm, first of all I have to apologize for having gone from memory, having
> looked at the function only when I first saw your patch. Yet then what
> you're talking about is merely the final check of the function, which I'd
> view as fine to externalize. The whole rest of the function still seems
> pretty (but not exclusively) heuristic to me.
>
> Anyway, Alan has indicated approval of making the function external, even
> as-is. If I was to make a suggestion beyond the possible renaming /
> inverting of sense, that would be to split the function into an "is valid"
> part and an "is sane" one, with the latter kept internal.

Hi Jan,

This patch dropped from my radar for a while, mostly because I didn't
really understand your last feedback -- I wanted to take some time then
revisit this patch with fresh eyes -- then I completely forgot about
this.

You talk about splitting the function into two parts, an "is valid" part
and an "is sane" part.  I've looked at _bfd_section_size_insane again,
and I still don't understand how you imagine the function being split.

Here's a high level description of the function as I see it:

  1. Get section size,

  2. If section is one that we "know" will always be sane (i.e. was
     created within a tool rather than read from a BFD) then this is a
     sane section,

  3. Get the file size,

  4. If the section is a compressed section then, do some check that I
     don't really understand (despite the comment) against the section
     size.  Later checks are done against the section's compressed size
     instead of the reported section size,

  5. If the section is defined as outside the bounds of the file, or the
     section size is larger than the file size then there must be
     something wrong with the section, and the section is declared
     "insane",

  6. Assume the section is sane.

There's a small unknown in step #4 that I don't understand, but
otherwise, this all seems pretty straightforward.  I don't really
understand how you imagine these parts being split.  And if they were
split, I don't understand why a user like GDB can't ask these questions
about a section (or rather, we can ask the same question, all the
functions/data that _bfd_section_size_insane uses are public, so GDB can
just copy & paste this code, but I'd rather not do that).

My motivation behind wanting to make this public is to allow GDB to
perform this sanity check before trying to allocate memory, which I
think will allow GDB to improve its error handling when presented with
an invalid BFD (ELF) object.

Given Alan's feedback, I'm really just looking to see if you still have
objections/requests for this patch, or if you're happy for this to be
merged.

Thanks,
Andrew
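
Added example (not part of the message above, and not BFD's or GDB's code): the bounds check of steps 2 and 5 written out in C, with a caller that runs it before allocating. The struct, the function names and the 64-byte file image are assumptions constructed for illustration; the compressed-section handling of step 4 is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the fields the check needs; not BFD's types. */
struct sec_info {
    uint64_t file_offset;  /* where the contents start in the file */
    uint64_t size;         /* size claimed by the section header */
    bool from_file;        /* false: created in-tool, nothing to read */
};

/* True when the claimed contents cannot possibly be read from a file of
   file_size bytes (steps 2 and 5 of the description; step 4 omitted). */
static bool section_size_insane(const struct sec_info *s, uint64_t file_size)
{
    if (!s->from_file)
        return false;              /* step 2: in-tool sections are sane */
    if (s->file_offset > file_size)
        return true;               /* starts outside the file */
    /* Compare with the bytes remaining so offset + size cannot wrap. */
    return s->size > file_size - s->file_offset;
}

/* Copy a section out of an in-memory file image, refusing to allocate when
   the header's size claim is impossible. Returns NULL on refusal. */
static unsigned char *read_section(const unsigned char *image,
                                   uint64_t file_size, const struct sec_info *s)
{
    if (!s->from_file || section_size_insane(s, file_size))
        return NULL;
    unsigned char *buf = malloc(s->size ? (size_t)s->size : 1);
    if (buf != NULL)
        memcpy(buf, image + s->file_offset, (size_t)s->size);
    return buf;
}

int main(void)
{
    unsigned char image[64] = {0};   /* constructed 64-byte "file" */
    struct sec_info ok = { 16, 32, true };
    struct sec_info huge = { 16, UINT64_MAX - 8, true };  /* offset+size wraps */
    unsigned char *p = read_section(image, sizeof image, &ok);
    unsigned char *q = read_section(image, sizeof image, &huge);
    printf("ok=%s huge=%s\n", p ? "read" : "refused", q ? "read" : "refused");
    free(p);
    return 0;
}
```

The `huge` case is the one a naive `offset + size <= file_size` test would accept, because the sum wraps around to a small value.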

