[Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]

public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed

* [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
@ 2018-05-30 10:16 mliska at suse dot cz
  2018-05-30 11:06 ` [Bug tools/23248] " mliska at suse dot cz
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: mliska at suse dot cz @ 2018-05-30 10:16 UTC (permalink / raw)
  To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=23248

            Bug ID: 23248
           Summary: armv7l: dwarf_getsrclines.c:362:37: error: argument 1
                    value '4294967288' exceeds maximum object size
                    2147483647 [-Werror=alloc-size-larger-than=]
           Product: elfutils
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: tools
          Assignee: unassigned at sourceware dot org
          Reporter: mliska at suse dot cz
                CC: elfutils-devel at sourceware dot org
  Target Milestone: ---

I see it in build service for 0.171 RC1:

[  181s] dwarf_getsrclines.c: In function 'read_srclines':
[  181s] dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288'
exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
[  181s]        dirarray = (struct dirlist *) malloc (ndirlist * sizeof
(*dirarray));
[  181s]                                     
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[  181s] In file included from dwarf_getsrclines.c:34:
[  181s] /usr/include/stdlib.h:539:14: note: in a call to allocation function
'malloc' declared here
[  181s]  extern void *malloc (size_t __size) __THROW __attribute_malloc__
__wur;
[  181s]               ^~~~~~

Unfortunately I don't have any handy ARM machine I can reproduce that. But
probably caused by:

libdw/memory-access.h:
    73  static inline uint64_t
    74  __libdw_get_uleb128 (const unsigned char **addrp, const unsigned char
*end)
    75  {
    76    uint64_t acc = 0;
    77  
    78    /* Unroll the first step to help the compiler optimize
    79       for the common single-byte case.  */
    80    get_uleb128_step (acc, *addrp, 0);
    81  
    82    const size_t max = __libdw_max_len_uleb128 (*addrp - 1, end);
    83    for (size_t i = 1; i < max; ++i)
    84      get_uleb128_step (acc, *addrp, i);
    85    /* Other implementations set VALUE to UINT_MAX in this
    86       case.  So we better do this as well.  */
    87    return UINT64_MAX;
    88  }

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug tools/23248] armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
  2018-05-30 10:16 [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=] mliska at suse dot cz
@ 2018-05-30 11:06 ` mliska at suse dot cz
  2018-05-30 12:23 ` mark at klomp dot org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: mliska at suse dot cz @ 2018-05-30 11:06 UTC (permalink / raw)
  To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=23248

--- Comment #1 from Martin Liska <mliska at suse dot cz> ---
The same happens on i586, after lunch I'll isolate that.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug tools/23248] armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
  2018-05-30 10:16 [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=] mliska at suse dot cz
  2018-05-30 11:06 ` [Bug tools/23248] " mliska at suse dot cz
@ 2018-05-30 12:23 ` mark at klomp dot org
  2018-05-30 12:50 ` mark at klomp dot org
  2018-05-31 19:49 ` mark at klomp dot org
  3 siblings, 0 replies; 5+ messages in thread
From: mark at klomp dot org @ 2018-05-30 12:23 UTC (permalink / raw)
  To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=23248

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at klomp dot org

--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
ndirs is read from the debug data and should be size checked before use.
Does the following work for you?

diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 2bf30984..c353e5b7 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -359,6 +359,8 @@ read_srclines (Dwarf *dbg,
   ndirlist = ndirs;
   if (ndirlist >= MAX_STACK_DIRS)
     {
+      if (ndirlist > SIZE_MAX / sizeof (*dirarray))
+       goto no_mem;
       dirarray = (struct dirlist *) malloc (ndirlist * sizeof (*dirarray));
       if (unlikely (dirarray == NULL))
        {

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug tools/23248] armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
  2018-05-30 10:16 [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=] mliska at suse dot cz
  2018-05-30 11:06 ` [Bug tools/23248] " mliska at suse dot cz
  2018-05-30 12:23 ` mark at klomp dot org
@ 2018-05-30 12:50 ` mark at klomp dot org
  2018-05-31 19:49 ` mark at klomp dot org
  3 siblings, 0 replies; 5+ messages in thread
From: mark at klomp dot org @ 2018-05-30 12:50 UTC (permalink / raw)
  To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=23248

--- Comment #3 from Mark Wielaard <mark at klomp dot org> ---
Martin pointed out that only works (on 64bit) if ndirlist was actually a size_t
(like nfilelist already is). So the full patch would be:

diff --git a/libdw/dwarf_getsrclines.c b/libdw/dwarf_getsrclines.c
index 2bf30984..790d4e49 100644
--- a/libdw/dwarf_getsrclines.c
+++ b/libdw/dwarf_getsrclines.c
@@ -154,7 +154,7 @@ read_srclines (Dwarf *dbg,
   int res = -1;

   size_t nfilelist = 0;
-  unsigned int ndirlist = 0;
+  size_t ndirlist = 0;

   /* If there are a large number of lines, files or dirs don't blow up
      the stack.  Stack allocate some entries, only dynamically malloc
@@ -299,7 +299,7 @@ read_srclines (Dwarf *dbg,
   };

   /* First count the entries.  */
-  unsigned int ndirs = 0;
+  size_t ndirs = 0;
   if (version < 5)
     {
       const unsigned char *dirp = linep;
@@ -359,6 +359,8 @@ read_srclines (Dwarf *dbg,
   ndirlist = ndirs;
   if (ndirlist >= MAX_STACK_DIRS)
     {
+      if (ndirlist > SIZE_MAX / sizeof (*dirarray))
+       goto no_mem;
       dirarray = (struct dirlist *) malloc (ndirlist * sizeof (*dirarray));
       if (unlikely (dirarray == NULL))
        {

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Bug tools/23248] armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=]
  2018-05-30 10:16 [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=] mliska at suse dot cz
                   ` (2 preceding siblings ...)
  2018-05-30 12:50 ` mark at klomp dot org
@ 2018-05-31 19:49 ` mark at klomp dot org
  3 siblings, 0 replies; 5+ messages in thread
From: mark at klomp dot org @ 2018-05-31 19:49 UTC (permalink / raw)
  To: elfutils-devel

https://sourceware.org/bugzilla/show_bug.cgi?id=23248

Mark Wielaard <mark at klomp dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Mark Wielaard <mark at klomp dot org> ---
commit 3a5bbc919873fc8adee7345dd7dec585eb4d2547 (wildebeest/buildbot,
origin/master, origin/HEAD, master, buildbot)
Author: Mark Wielaard <mark@klomp.org>
Date:   Wed May 30 15:51:12 2018 +0200

    libdw: Fix overflow warning on 32bit systems with GCC8 in
dwarf_getsrclines.

    ndirs is read from the debug data and should be size checked before use.

    https://sourceware.org/bugzilla/show_bug.cgi?id=23248

    Signed-off-by: Mark Wielaard <mark@klomp.org>

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2018-05-31 19:49 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-30 10:16 [Bug tools/23248] New: armv7l: dwarf_getsrclines.c:362:37: error: argument 1 value '4294967288' exceeds maximum object size 2147483647 [-Werror=alloc-size-larger-than=] mliska at suse dot cz
2018-05-30 11:06 ` [Bug tools/23248] " mliska at suse dot cz
2018-05-30 12:23 ` mark at klomp dot org
2018-05-30 12:50 ` mark at klomp dot org
2018-05-31 19:49 ` mark at klomp dot org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).