From: Paul Pluzhnikov
Date: Tue, 14 Nov 2023 10:56:50 -0800
Subject: Re: [PATCH] Fix computations with (potentially) NULL pointer
To: Mark Wielaard
Cc: elfutils-devel@sourceware.org, nafi@google.com, maennich@google.com

On Tue, Nov 14, 2023 at 9:55 AM Mark Wielaard wrote:

> Unfortunately our 32bit buildbots were also very quick to point out an
> issue: https://builder.sourceware.org/buildbot/#/changes/35202

Sorry about the break.

I just tried "./configure "CC=gcc -m32" "CXX=g++ -m32" and that didn't
reproduce the failure.

> Which does expose an interesting issue that (theoretically) mmaped
> 64bit Elf files cannot be used on 32bit architectures... hohum.

The failure here would be when map_addr ends up high in memory, and
e_shoff is so large that it causes a wraparound.

Section headers do tend to be near the end of the ELF. One of our large
64-bit binaries (3.6GiB in size) has e_shoff == 3803727624, so the
overflow seems very likely here ... except the mmap would have failed
already, because the mmap covers the entire file.

So I think the overflow cannot happen in practice.

If that's true, we can cast e_shoff to ptrdiff_t to suppress the warning.

diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 9f8196b6..dcaad8ee 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -492,7 +492,7 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
             goto free_and_out;
 
           if (scncnt > 0)
-            elf->state.elf64.shdr = (Elf64_Shdr *) (ehdr + e_shoff);
+            elf->state.elf64.shdr = (Elf64_Shdr *) (ehdr + (ptrdiff_t) e_shoff);
 
           for (size_t cnt = 0; cnt < scncnt; ++cnt)
             {
-- 
Paul Pluzhnikov
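Review bot: the `(ptrdiff_t)` cast on the `+` line narrows the 64-bit `e_shoff` to 32 bits on 32-bit hosts, so it silences the warning without changing what the addition computes; what keeps the resulting pointer inside the mapping is the bounds check whose failure path is the `goto free_and_out` at the top of the hunk, together with the mail's argument that a whole-file mapping cannot wrap. A short comment at the cast stating that `e_shoff` has already been checked against the mapped size (e.g. `/* e_shoff was verified to lie inside the mapping above, so narrowing it here is safe.  */`) would stop a later reader from taking the narrowing for an accidental truncation.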
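The reasoning in the mail (an e_shoff that lies inside a whole-file mapping cannot wrap, and the ptrdiff_t cast only narrows the offset) as an added C example; this is not elfutils code, and the file size, section count and mapping base are constructed values. It models 32-bit pointer arithmetic with uint32_t so it runs on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Size of one Elf64_Shdr entry, fixed by the ELF specification. */
#define ELF64_SHDR_SIZE 64u

/* True when a table of scncnt Elf64_Shdr entries starting at e_shoff lies
   entirely inside a mapping of maxsize bytes.  All arithmetic is 64-bit and
   the subtraction cannot underflow, so the answer is the same on any host. */
bool shdr_table_in_bounds(uint64_t e_shoff, uint64_t scncnt, uint64_t maxsize)
{
    if (scncnt == 0)
        return true;              /* no table: nothing will be dereferenced */
    if (e_shoff >= maxsize)
        return false;             /* table would start past the mapping */
    return scncnt <= (maxsize - e_shoff) / ELF64_SHDR_SIZE;
}

/* Models "ehdr + e_shoff" with 32-bit pointers: true if the sum wraps. */
bool wraps_on_32bit(uint32_t map_addr, uint64_t e_shoff)
{
    return (uint64_t) map_addr + e_shoff > UINT32_MAX;
}

/* Models "(ptrdiff_t) e_shoff" where ptrdiff_t is 32 bits wide: the offset is
   narrowed to a signed value (two's complement wraparound, as GCC does for
   this implementation-defined conversion), so bounds must be checked first. */
int32_t as_ptrdiff32(uint64_t e_shoff)
{
    return (int32_t) (uint32_t) e_shoff;
}

int main(void)
{
    /* Constructed values: the 3.6 GiB binary from the mail and its e_shoff. */
    const uint64_t e_shoff = 3803727624ULL;
    const uint64_t file_size = 3865470566ULL;  /* constructed, about 3.6 GiB */
    const uint64_t scncnt = 40;                /* constructed */
    const uint32_t map_addr = 0x10000000u;     /* constructed mapping base */

    /* A whole-file mapping that fits below 4 GiB cannot wrap for any in-bounds
       offset, which is the argument the mail makes. */
    printf("mapping fits: %d\n", (uint64_t) map_addr + file_size <= UINT32_MAX + 1ULL);
    printf("table in bounds: %d\n", shdr_table_in_bounds(e_shoff, scncnt, file_size));
    printf("wraps on 32-bit: %d\n", wraps_on_32bit(map_addr, e_shoff));
    printf("e_shoff as 32-bit ptrdiff_t: %d\n", as_ptrdiff32(e_shoff));
    return 0;
}
```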