From: Jacob Navia
Subject: Use of uninitialized memory
Date: Fri, 15 Sep 2023 12:10:27 +0200
To: binutils@sourceware.org

FUNCTION: riscv_ip_hardcode
FILE: gas/config/tc-riscv.c
LINE: 3682

Problem: Usage of uninitialized memory.

Variable: Local variable of type "riscv_opcode *" insn.

Description:
This variable is initialized with a call to XNEW(struct riscv_opcode);

3721: insn = XNEW(struct riscv_opcode);

All fields of this structure are garbage since we called malloc. The next line initializes ONE of those fields:

3722: insn->match = values[num - 1];

Then, a call to "create_insn" is done:

create_insn(ip,insn);

The function "create_insn" initializes its left argument with the values of its right argument. In this case however, it will "initialize" its left argument with a structure that contains mostly garbage since only ONE field has been really initialized!

There is only ONE place where riscv_ip_hardcode is called: in function s_riscv_insn. After the call, s_riscv_insn assumes that insn has been correctly initialized and does:

4868: gas_assert(insn.insn_mo->pinfo != INSN_MACRO);

without realizing that insn.insn_mo->pinfo is a garbage value.

ANALYSIS:
Garbage values are unlikely to be 0xffffffff, the value of INSN_MACRO, so in most cases this inequality will be true, and the code continues to run as if nothing were wrong. In some cases the code will fail with an "assertion failed" message. Since this bug is not reproducible... any bug reports will be discarded.

HOW TO FIX:
1) Instead of calling XNEW, call XCNEW, which calls calloc instead of malloc. This will ensure that the inequality will fail.
2) Initialize all values to sensible values. This is much more difficult and involves much more effort, probably for nothing since those values aren't used.

Jacob
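The allocation pattern the report describes, reduced to a stand-alone C model (added here, not binutils code): the struct fields, the helper names hardcode_insn and hardcoded_insn_is_not_macro, and the use of plain malloc/calloc in place of libiberty's XNEW/XCNEW are assumptions; only the names riscv_opcode, riscv_cl_insn, create_insn, INSN_MACRO and the fields match, pinfo and insn_mo come from the message.

```c
/* Added model of the tc-riscv.c pieces named in the report: riscv_opcode,
   riscv_cl_insn, create_insn and INSN_MACRO.  The field set, hardcode_insn
   and hardcoded_insn_is_not_macro are assumptions, not binutils code; plain
   malloc/calloc stand in for libiberty's XNEW/XCNEW.  */
#include <stdint.h>
#include <stdlib.h>

#define INSN_MACRO 0xffffffffU        /* value quoted in the report */

struct riscv_opcode {
  uint32_t match;                     /* the one field the report sees set */
  unsigned long pinfo;                /* read by the gas_assert at 4868 */
};

struct riscv_cl_insn {
  const struct riscv_opcode *insn_mo;
  uint32_t insn_opcode;
};

/* Model of create_insn: ip is filled from the opcode it is handed.  Whatever
   that opcode's fields hold, defined or not, is what ip will point at.  */
static void create_insn(struct riscv_cl_insn *ip, const struct riscv_opcode *mo)
{
  ip->insn_mo = mo;
  ip->insn_opcode = mo->match;
}

/* zero_fill == 0 is the reported pattern (XNEW -> malloc): pinfo is
   indeterminate and reading it later is undefined behaviour.  zero_fill != 0
   is fix 1 (XCNEW -> calloc): every field has a defined value.  */
struct riscv_opcode *hardcode_insn(const uint32_t *values, unsigned num,
                                   int zero_fill)
{
  struct riscv_opcode *insn = zero_fill ? calloc(1, sizeof *insn)
                                        : malloc(sizeof *insn);
  if (insn)
    insn->match = values[num - 1];
  return insn;
}

/* The caller's gas_assert condition as a predicate.  Only for a zero-filled
   opcode is the result deterministic (pinfo == 0, so the test holds).  */
int hardcoded_insn_is_not_macro(const struct riscv_opcode *mo)
{
  struct riscv_cl_insn ip;
  create_insn(&ip, mo);
  return ip.insn_mo->pinfo != INSN_MACRO;
}
```

Running the zero_fill == 0 path under Valgrind or MemorySanitizer flags the pinfo read in hardcoded_insn_is_not_macro as a use of uninitialised memory, which is the detection route for a bug that otherwise only fails intermittently.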