public inbox for binutils@sourceware.org
* Use of uninitialized memory
@ 2023-09-15 10:10 Jacob Navia
From: Jacob Navia @ 2023-09-15 10:10 UTC (permalink / raw)
  To: binutils


FUNCTION: riscv_ip_hardcode
FILE: gas/config/tc-riscv.c LINE: 3682
Problem: Usage of uninitialized memory.
Variable: Local variable of type "riscv_opcode *" insn.

Description:
This variable is initialized with a call to XNEW(struct riscv_opcode);
3721:	insn = XNEW(struct riscv_opcode);
All fields of this structure are garbage since we called malloc.
The next line initializes ONE of those fields:
3722:	insn->match = values[num - 1];
Then, a call to "create_insn" is done:
	create_insn(ip,insn);
The function "create_insn" initializes its left argument with the values of
its right argument. In this case however, it will "initialize" its left
argument with a structure that contains mostly garbage since only ONE field
has been really initialized!

There is only ONE place where riscv_ip_hardcode is called: in function
s_riscv_insn. After the call, s_riscv_insn assumes that insn has been
correctly initialized and makes:
4868:	gas_assert(insn.insn_mo->pinfo != INSN_MACRO);
without realizing that insn.insn_mo->pinfo is a garbage value.

ANALYSIS: Garbage values are unlikely to be 0xffffffff, the value of
INSN_MACRO, so in most cases this inequality will be true, and the code
continues to run as if nothing were wrong. In some cases the code
will fail with an "assertion failed" message. Since this bug is not
reproducible... any bug reports will be discarded.

HOW TO FIX:
1) Instead of calling XNEW call XCNEW that calls calloc instead of malloc.
  This will ensure that the inequality will fail.
2) Initialize all values to sensible values. This is much more difficult and
  involves much more effort, probably for nothing since those values aren't
  used.

Jacob

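The defect pattern described above (a heap object allocated with malloc, one field set, the whole object then copied by a helper and a different field later asserted on) reduced to a stand-alone C model. This is an added example, not code from the binutils tree: the struct layouts, field names and the `create_insn` body are hypothetical stand-ins for the real gas definitions, and XNEW/XCNEW are shown by what they expand to (malloc and calloc). The calloc path is the fix Nick checked in; the `init_opcode` variant is the "initialize all values" alternative from point 2 of the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, cut-down models of the gas structures named in the report.
   Field names are illustrative; they are not the real binutils definitions. */
#define INSN_MACRO 0xffffffffU

struct riscv_opcode {
    const char *name;
    uint32_t match;   /* the only field the reported code sets */
    uint32_t mask;
    uint32_t pinfo;   /* later compared against INSN_MACRO by the caller */
};

struct riscv_cl_insn {
    const struct riscv_opcode *insn_mo;
    uint32_t insn_opcode;
};

/* Mirrors what the report says create_insn does: copy the right argument into
   the left.  It cannot repair missing fields, it only propagates them. */
static void create_insn(struct riscv_cl_insn *ip, const struct riscv_opcode *mo)
{
    ip->insn_mo = mo;
    ip->insn_opcode = mo->match;
}

/* Buggy shape from the report: malloc (XNEW) leaves name/mask/pinfo
   indeterminate, so any later read of ip->insn_mo->pinfo is undefined. */
static struct riscv_opcode *hardcode_with_malloc(struct riscv_cl_insn *ip, uint32_t value)
{
    struct riscv_opcode *insn = malloc(sizeof *insn);
    if (!insn) return NULL;
    insn->match = value;
    create_insn(ip, insn);
    return insn;
}

/* Fix chosen in the thread: calloc (XCNEW) zero-fills the object, so pinfo
   is 0, which is deterministically different from INSN_MACRO. */
static struct riscv_opcode *hardcode_with_calloc(struct riscv_cl_insn *ip, uint32_t value)
{
    struct riscv_opcode *insn = calloc(1, sizeof *insn);
    if (!insn) return NULL;
    insn->match = value;
    create_insn(ip, insn);
    return insn;
}

/* Alternative from point 2 of the report: give every field an explicit,
   documented value so the invariant holds by construction, not by the
   zero-fill side effect of calloc.  Values here are constructed for the model. */
static void init_opcode(struct riscv_opcode *insn, uint32_t value)
{
    insn->name  = "hardcoded";
    insn->match = value;
    insn->mask  = 0xffffffffU;   /* every bit of a hand-coded word is fixed */
    insn->pinfo = 0;             /* explicitly "not a macro" */
}

/* The caller's check, gas_assert(insn.insn_mo->pinfo != INSN_MACRO), returned
   as a value so it can be tested instead of aborting the process. */
static int pinfo_is_not_macro(const struct riscv_cl_insn *ip)
{
    return ip->insn_mo->pinfo != INSN_MACRO;
}

/* Run the fixed (calloc) path end to end and report the two values the
   caller depends on: the copied opcode word and whether the assertion holds. */
static int fixed_path_check(uint32_t value, uint32_t *opcode_out, uint32_t *pinfo_out)
{
    struct riscv_cl_insn ip;
    struct riscv_opcode *op = hardcode_with_calloc(&ip, value);
    if (!op) return -1;
    *opcode_out = ip.insn_opcode;
    *pinfo_out  = ip.insn_mo->pinfo;
    int ok = pinfo_is_not_macro(&ip);
    free(op);
    return ok;
}

/* Same check through the explicit-initialization variant. */
static int explicit_path_check(uint32_t value)
{
    struct riscv_cl_insn ip;
    struct riscv_opcode op;
    init_opcode(&op, value);
    create_insn(&ip, &op);
    return pinfo_is_not_macro(&ip);
}

int main(void)
{
    uint32_t opcode, pinfo;
    int ok = fixed_path_check(0x00000013u, &opcode, &pinfo);  /* constructed word */
    printf("calloc path: opcode=0x%08x pinfo=0x%08x assertion holds=%d\n",
           opcode, pinfo, ok);
    printf("explicit init path: assertion holds=%d\n", explicit_path_check(0x00000013u));
    /* The malloc path is deliberately not read from here: evaluating
       pinfo_is_not_macro on it would be the undefined read the report describes. */
    return 0;
}
```

The malloc variant is kept only to show the shape of the bug; running it under Valgrind's memcheck or a MemorySanitizer build flags the read of `pinfo` as use of uninitialised memory, and glibc's `MALLOC_PERTURB_` environment variable fills malloc'd blocks with a known byte pattern, which turns the "not reproducible" occasional assertion failure described above into a deterministic one during testing.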

* Re: Use of uninitialized memory
From: Nick Clifton @ 2023-09-18 11:06 UTC (permalink / raw)
  To: Jacob Navia, binutils

Hi Jacob,

   Thanks for the bug report and detailed analysis.
> HOW TO FIX:
> 1) Instead of calling XNEW call XCNEW that calls calloc instead of malloc.
>    This will ensure that the inequality will fail.

Agreed, and simple is better as far as I am concerned, so I have
checked in this solution.

Cheers
   Nick


