From: jacob navia
Subject: SUSPICIOUS CODE
Date: Wed, 12 Jul 2023 17:12:13 +0200
To: binutils@sourceware.org

Consider this code:

1202 static fragS * get_frag_for_reloc (fragS *last_frag,
1203                     const segment_info_type *seginfo,
1204                     const struct reloc_list *r)
1205 {
1206   fragS *f;
1207
1208   for (f = last_frag; f != NULL; f = f->fr_next)
1209     if (f->fr_address <= r->u.b.r.address
1210         && r->u.b.r.address < f->fr_address + f->fr_fix)
1211       return f;
1212
1213   for (f = seginfo->frchainP->frch_root; f != NULL; f = f->fr_next)
1214     if (f->fr_address <= r->u.b.r.address
1215         && r->u.b.r.address < f->fr_address + f->fr_fix)
1216       return f;
1217
1218   for (f = seginfo->frchainP->frch_root; f != NULL; f = f->fr_next)
1219     if (f->fr_address <= r->u.b.r.address
1220         && r->u.b.r.address <= f->fr_address + f->fr_fix)
1221       return f;
1222
1223   as_bad_where (r->file, r->line,
1224                 _("reloc not within (fixed part of) section"));
1225   return NULL;
1226 }

This function consists of 3 loops: 1208-1211, 1213 to 1216 and 1218 to 1221.

Lines 1213 - 1216 are ALMOST identical to lines 1218 to 1221. The ONLY difference that I can see is that the less in line 1215 is replaced by a less equal in line 1220. But… why?

This code is searching for the fragment that contains a given address in between the start and end addresses of the frags in question, either in the fragment list given by last_frag or in the list given by seginfo.

To know if a fragment is OK you should start with the given address and stop one memory address BEFORE the limit given by fr_address + f->fr_fix. That is what the first two loops are doing. The third loop repeats the second one and changes the less to less equal, so if fr_address+fr_fix is one MORE than the address it will still pass.

Why is it doing that?

If that code is correct, it is obvious that we could merge the second and third loops and put a <= in the second one and erase the third one… UNLESS priority should be given to matches that are less and not less equal, which seems incomprehensible … to me.

This change was introduced on Aug 18th 2011 by Mr Alan Modra with the rather terse comment: "(get_frag_for_reloc): New function.". There are no further comments in the code at all.

This code is run after all relocations are fixed just before the software writes them out. The code is in file « write.c » in the gas directory. Note that this code runs through ALL relocation lists each time for EACH relocation, so it is quite expensive. In general the list data structure is not really optimal here but that is another story.

Thanks in advance for your help.

Jacob
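
Added example (not part of the original message and not binutils code): a C sketch that runs loops 2 and 3 as quoted next to the single `<=` loop the message proposes, over a constructed list of adjacent frags. `struct frag`, `find_two_pass` and `find_merged` are hypothetical simplified stand-ins; the inputs where the two searches return different fragments are addresses that fall exactly on the boundary between two adjacent frags.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-in for gas's fragS: only the fields the search reads. */
struct frag {
  unsigned long fr_address;   /* start address of the frag */
  unsigned long fr_fix;       /* size of its fixed part */
  struct frag *fr_next;
};

/* Loops 2 and 3 of the quoted function: strict pass first, then inclusive. */
static struct frag *find_two_pass(struct frag *root, unsigned long addr)
{
  struct frag *f;
  for (f = root; f != NULL; f = f->fr_next)
    if (f->fr_address <= addr && addr < f->fr_address + f->fr_fix)
      return f;
  for (f = root; f != NULL; f = f->fr_next)
    if (f->fr_address <= addr && addr <= f->fr_address + f->fr_fix)
      return f;
  return NULL;
}

/* The merge proposed in the message: a single pass using <= only. */
static struct frag *find_merged(struct frag *root, unsigned long addr)
{
  struct frag *f;
  for (f = root; f != NULL; f = f->fr_next)
    if (f->fr_address <= addr && addr <= f->fr_address + f->fr_fix)
      return f;
  return NULL;
}

/* Constructed sample: three adjacent frags covering [0,4), [4,8), [8,12). */
static struct frag frags[3] = {
  { 0, 4, &frags[1] }, { 4, 4, &frags[2] }, { 8, 4, NULL }
};

int main(void)
{
  unsigned long probes[] = { 3, 4, 8, 12, 13 };
  for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
    struct frag *a = find_two_pass(frags, probes[i]);
    struct frag *b = find_merged(frags, probes[i]);
    /* Print the index of the matching frag, or -1 when none matches. */
    printf("addr %2lu: two-pass -> %ld, merged -> %ld\n", probes[i],
           a ? (long)(a - frags) : -1L, b ? (long)(b - frags) : -1L);
  }
  return 0;
}
```

For an address one past the end of the last frag (12 here), and for addresses inside a frag, both searches return the same frag.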