From: Paul Pluzhnikov
Date: Tue, 14 Nov 2023 08:12:22 -0800
Subject: Re: [PATCH] Fix computations with (potentially) NULL pointer
To: Mark Wielaard
Cc: elfutils-devel@sourceware.org, nafi@google.com, maennich@google.com
References: <20231113225835.4083255-2-ppluzhnikov@google.com>
Mark,

On Tue, Nov 14, 2023 at 4:57 AM Mark Wielaard wrote:
> Urgh, I had no idea NULL + ... was technically undefined behavior.

ISO/IEC 9899:201x 6.5.6p8

When an expression that has integer type is added to or subtracted from a pointer, the result has the type of the pointer operand. If the pointer operand points to an element of an array object, and the array is large enough, the result points to an element offset from the original element such that the difference of the subscripts of the resulting and original array elements equals the integer expression. ... If both the pointer operand and the result point to elements of the same array object, or one past the last element of the array object, the evaluation shall not produce an overflow; otherwise, the behavior is undefined.

> It would be slightly nicer if
> we could just do the computation after checking map_address != NULL
> (since ehdr is only used after such a check). That would require
> rearranging some of the if statements. Does that make the code too
> complicated?

I tried it, and it does: we need both "map_addr != 0" and "ehdr is properly aligned", but we can't compute the latter before evaluating the former, and we have the else clause when either condition fails.

I can fix this with a goto, or a helper variable, but the current solution of keeping ehdr as uintptr_t is much simpler. It also reduces the casting and line wrapping required :-)

> Also this only resolves the issue for the 64bit ELF case. Just above
> this code is basically the same code for 32bit ELF. That code also
> needs to be fixed.

Sorry I missed that. Revised patch attached.
Thanks,
-- 
Paul Pluzhnikov

[Attachment: 0001-Fix-computations-with-potentially-NULL-pointer.patch]
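Added example (not from the thread or from elfutils itself) contrasting the two forms of the computation discussed above: pointer arithmetic on a possibly-NULL `map_address` versus the same sum carried in `uintptr_t`, followed by the NULL and alignment checks. `demo_ehdr`, `ehdr_via_pointer_arith`, `ehdr_via_uintptr` and `fake_map` are hypothetical stand-ins for Elf64_Ehdr, the two code shapes and the mmapped file; the alignment test mirrors the `__alignof__ (Elf64_Ehdr) - 1` mask in elf_begin.c.

```c
/* Added example, not part of the elfutils patch.  All names are
   hypothetical stand-ins for the ones used in libelf/elf_begin.c.  */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for Elf64_Ehdr: only its alignment (8) matters here.  */
typedef struct { uint64_t words[8]; } demo_ehdr;

/* Before the fix: (char *) map_address + offset is evaluated even when
   map_address is NULL.  C11 6.5.6p8 makes that undefined, and clang's
   -fsanitize=pointer-overflow reports it.  Well-defined only when
   map_address really points into a mapping; kept to show the shape.  */
static const demo_ehdr *
ehdr_via_pointer_arith (void *map_address, size_t offset)
{
  const demo_ehdr *ehdr = (const demo_ehdr *) ((char *) map_address + offset);
  if (map_address != NULL
      && (((uintptr_t) ehdr) & (_Alignof (demo_ehdr) - 1)) == 0)
    return ehdr;
  return NULL;
}

/* After the fix: the sum is integer arithmetic on uintptr_t, so a NULL
   base is just 0 + offset; no pointer is formed until both the NULL
   check and the alignment check have passed.  */
static const demo_ehdr *
ehdr_via_uintptr (void *map_address, size_t offset)
{
  uintptr_t ehdr = (uintptr_t) map_address + offset;
  if (map_address != NULL
      && (ehdr & (_Alignof (demo_ehdr) - 1)) == 0)
    return (const demo_ehdr *) ehdr;
  return NULL;
}

/* Constructed stand-in for an mmapped file, over-aligned so that
   offsets 0 and 8 are usable directly and offset 4 is not.  */
static _Alignas (64) unsigned char fake_map[256];

int
main (void)
{
  printf ("NULL map:   %s\n", ehdr_via_uintptr (NULL, 64) ? "usable" : "copy needed");
  printf ("aligned:    %s\n", ehdr_via_uintptr (fake_map, 0) ? "usable" : "copy needed");
  printf ("misaligned: %s\n", ehdr_via_uintptr (fake_map, 4) ? "usable" : "copy needed");
  return 0;
}
```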