From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@gmail.com>
Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com
 [IPv6:2607:f8b0:4864:20::430])
 by sourceware.org (Postfix) with ESMTPS id D0CDB3858D28
 for <binutils@sourceware.org>; Sat,  6 Aug 2022 09:11:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D0CDB3858D28
Received: by mail-pf1-x430.google.com with SMTP id b133so4136705pfb.6
 for <binutils@sourceware.org>; Sat, 06 Aug 2022 02:11:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-disposition;
 bh=dL8arDWTX2hqQPZU0kYwyubE2xRh7MzHe/RAvyWtv+U=;
 b=InhpTXdsDRo5b3rSLtJ650x3+XI3nrgHRjff+dJ7low0yKOcrkIk12kbEpgfS7HfSx
 rEL3I+wwVre8D9k3D+RxNakja2V+xLmF3jG+YVF6yYeL8Nsbuc63HeROXVZe+UBIqf8C
 jrBwSu6Fd/VHhc32lA5MyQx+HGp9Xj7TYX9b9u212nygvyPmhWhRk8AouWcDbfhcKceO
 bVm/HcM/joYShe7Jjf0/G8AjYzGmwlGqAJAA1PGp/wwcOZ4DdtE8k8uvtrVo7Sw2+Bb+
 PzhMWH6JdDBSli8VbtD9F5gV6eFwVuN1uW5aolF58BOPAx3QojOh0BAnZtzBLg+XdQ0J
 LQVg==
X-Gm-Message-State: ACgBeo17xiqDo5/YsR8wJ4d2lcw/sCD71IMrD1388AFEQce45fDKYX+y
 rgO5UJdi9fy3zmkjdrGu1YQ2Z8fWGyg=
X-Google-Smtp-Source: AA6agR5xXzXlSQ4nbKSbdUIz45LA5Y6Tzom8Xemth5w132a15k0k+3PVbQRJk7A1j9OthxHsHpZaQg==
X-Received: by 2002:a05:6a00:234f:b0:525:1f7c:f2bf with SMTP id
 j15-20020a056a00234f00b005251f7cf2bfmr10719741pfj.14.1659777087515; 
 Sat, 06 Aug 2022 02:11:27 -0700 (PDT)
Received: from squeak.grove.modra.org ([2406:3400:51d:8cc0:b433:7963:2f3b:b98])
 by smtp.gmail.com with ESMTPSA id
 g6-20020a63fa46000000b0041c35462316sm2753023pgk.26.2022.08.06.02.11.26
 for <binutils@sourceware.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 06 Aug 2022 02:11:26 -0700 (PDT)
Received: by squeak.grove.modra.org (Postfix, from userid 1000)
 id 3388D1142EB7; Sat,  6 Aug 2022 18:41:24 +0930 (ACST)
Date: Sat, 6 Aug 2022 18:41:24 +0930
From: Alan Modra <amodra@gmail.com>
To: binutils@sourceware.org
Subject: ubsan: som.c undefined shift in som_set_reloc_info
Message-ID: <Yu4wPOxQxF64wN6f@squeak.grove.modra.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-3036.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
 <mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
 <mailto:binutils-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2022 09:11:30 -0000

Do the shift using unsigned variables to avoid UB on << 8.

	* som.c (som_set_reloc_info): Make v unsigned.  Localise some
	variables to their blocks.

diff --git a/bfd/som.c b/bfd/som.c
index 90928b7641d..d33ad67561a 100644
--- a/bfd/som.c
+++ b/bfd/som.c
@@ -4941,13 +4941,9 @@ som_set_reloc_info (unsigned char *fixup,
 		    unsigned int symcount,
 		    bool just_count)
 {
-  unsigned int op, varname, deallocate_contents = 0;
+  unsigned int deallocate_contents = 0;
   unsigned char *end_fixups = &fixup[end];
-  const struct fixup_format *fp;
-  const char *cp;
-  unsigned char *save_fixup;
-  int variables[26], stack[20], c, v, count, prev_fixup, *sp, saved_unwind_bits;
-  const int *subop;
+  int variables[26], stack[20], count, prev_fixup, *sp, saved_unwind_bits;
   arelent *rptr = internal_relocs;
   unsigned int offset = 0;
 
@@ -4966,10 +4962,14 @@ som_set_reloc_info (unsigned char *fixup,
 
   while (fixup < end_fixups)
     {
+      const char *cp;
+      unsigned int op;
+      const struct fixup_format *fp;
+
       /* Save pointer to the start of this fixup.  We'll use
 	 it later to determine if it is necessary to put this fixup
 	 on the queue.  */
-      save_fixup = fixup;
+      unsigned char *save_fixup = fixup;
 
       /* Get the fixup code and its associated format.  */
       op = *fixup++;
@@ -5015,11 +5015,15 @@ som_set_reloc_info (unsigned char *fixup,
       while (*cp)
 	{
 	  /* The variable this pass is going to compute a value for.  */
-	  varname = *cp++;
+	  unsigned int varname = *cp++;
+	  const int *subop;
+	  int c;
 
 	  /* Start processing RHS.  Continue until a NULL or '=' is found.  */
 	  do
 	    {
+	      unsigned v;
+
 	      c = *cp++;
 
 	      /* If this is a variable, push it on the stack.  */

-- 
Alan Modra
Australia Development Lab, IBM