From: Hans-Peter Nilsson
To: Nick Alcock
cc: binutils@sourceware.org
Date: Wed, 24 Mar 2021 20:02:06 -0400 (EDT)
Subject: Re: [PATCH 5/8] libctf: don't dereference out-of-bounds locations in the qualifier hashtab
In-Reply-To: <20210324012158.35472-5-nick.alcock@oracle.com>
References: <20210324012158.35472-1-nick.alcock@oracle.com> <20210324012158.35472-5-nick.alcock@oracle.com>

On Wed, 24 Mar 2021, Nick Alcock via Binutils wrote:

> diff --git a/libctf/ctf-lookup.c b/libctf/ctf-lookup.c
> index 9d1e6d8a4a2..e50c868c5b8 100644
> --- a/libctf/ctf-lookup.c
> +++ b/libctf/ctf-lookup.c
> @@ -111,10 +111,13 @@ isqualifier (const char *s, size_t len) > }; > > int h = s[len - 1] + (int) len - 105; > + > + if (h < 0 || (size_t) h >= sizeof (qhash) / sizeof (qhash[0])) > + return 0; > + > const struct qual *qp = &qhash[h]; Do we allow C99 these days? In recent messages I got the impression that we're still battling with pre-C90 artefacts. If not, watch out for the declaration-after-statement there. brgds, H-P
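Review bot: the added range check in isqualifier runs after `s[len - 1]` has already been read, so a call with `len == 0` still indexes `s[(size_t) -1]` before the guard can reject it; unless every caller guarantees a non-empty string, add `if (len == 0) return 0;` ahead of `int h = s[len - 1] + (int) len - 105;`. The `h < 0` half of the check is genuinely needed, not just the upper bound: for short strings the `- 105` alone drives `h` negative (len 1, s[0] == 'a' gives -7), and on targets where `char` is signed any byte >= 0x80 does the same. On the portability point raised in the reply: the new `if` now sits between the `int h` declaration and `const struct qual *qp = &qhash[h];`, making `qp` a declaration after a statement; if the tree must stay C90-clean, declare `const struct qual *qp;` next to `h` and assign `qp = &qhash[h];` after the check.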