From: "mark at klomp dot org"
To: elfutils-devel@sourceware.org
Subject: [Bug tools/23011] Infinite loop in handle_sysv_hash (src/readelf.c)
Date: Wed, 28 Mar 2018 19:25:00 -0000
X-Bugzilla-Product: elfutils
X-Bugzilla-Component: tools
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P2

https://sourceware.org/bugzilla/show_bug.cgi?id=23011

Mark Wielaard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #1 from Mark Wielaard ---
ewww nasty.

The idea is that the bucket entries point to the (first) symbol for a particular hash. If that symbol is not the one needed then you look whether there are other symbols with the same hash value in the chain. There are as many chain entries as symbols, and for each symbol n, chain[n] is either zero if there are no other symbols with the same hash, or it is the value of the next symbol with the same hash (for the last one the chain entry is zero).
There are obviously not supposed to be "loops" in the chain. The easiest to check would be to limit the number of chains to follow to the number of symbols, which is equal to the total number of chain entries (nchain).

Note that the same could happen in handle_sysv_hash64, which uses the same kind of bucket chain loop.
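
The check suggested in the comment above, written out as an added example; it is not code from elfutils or from the bug report. The function name walk_bucket_chain and the sample tables are constructed for illustration, and the walk also rejects chain indices that fall outside the chain array.

```c
#include <stdint.h>
#include <stdio.h>

/* Walk the chain that starts at bucket[b] in a SysV-style hash table.
   Returns the number of symbols on the chain, or -1 if the table is
   corrupt (bad index, or more hops than there are chain entries). */
static long
walk_bucket_chain (const uint32_t *bucket, uint32_t nbucket,
                   const uint32_t *chain, uint32_t nchain, uint32_t b)
{
  if (b >= nbucket)
    return -1;

  uint32_t sym = bucket[b];     /* first symbol for this hash, 0 = empty */
  uint32_t hops = 0;
  while (sym != 0)
    {
      if (sym >= nchain)        /* would read past the chain array */
        return -1;
      if (++hops > nchain)      /* followed more links than entries: loop */
        return -1;
      sym = chain[sym];         /* next symbol with the same hash, 0 = end */
    }
  return (long) hops;
}

/* Constructed sample tables: 2 buckets, 5 chain entries (symbols 0..4). */
static const uint32_t sample_bucket[2] = { 1, 2 };
static const uint32_t good_chain[5]    = { 0, 3, 4, 0, 0 }; /* 1->3, 2->4 */
static const uint32_t loop_chain[5]    = { 0, 3, 4, 1, 0 }; /* 1->3->1... */
static const uint32_t oob_chain[5]     = { 0, 9, 4, 0, 0 }; /* 1->9 (bad) */

int
main (void)
{
  printf ("good bucket 0: %ld\n",
          walk_bucket_chain (sample_bucket, 2, good_chain, 5, 0));
  printf ("loop bucket 0: %ld\n",
          walk_bucket_chain (sample_bucket, 2, loop_chain, 5, 0));
  printf ("oob  bucket 0: %ld\n",
          walk_bucket_chain (sample_bucket, 2, oob_chain, 5, 0));
  return 0;
}
```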