From mboxrd@z Thu Jan 1 00:00:00 1970
From: "mark at klomp dot org"
To: elfutils-devel@sourceware.org
Subject: [Bug libdw/28659] UBSan seems to complain about an "integer overflow" in dwfl_segment_report_module
Date: Thu, 09 Dec 2021 19:30:02 +0000
X-Bugzilla-Product: elfutils
X-Bugzilla-Component: libdw
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: mark at klomp dot org
X-Bugzilla-URL: http://sourceware.org/bugzilla/

https://sourceware.org/bugzilla/show_bug.cgi?id=28659

Mark Wielaard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #3 from Mark Wielaard ---
Thanks for testing, pushed as:

commit b9ed67836b6f4e580927b4e8e1c8517e70a086be
Author: Mark Wielaard
Date:   Wed Dec 8 22:20:17 2021 +0100

    libdwfl: Don't trust e_shentsize in dwfl_segment_report_module

    When calculating the possible section header table end use the actual size
    of the section headers (sizeof (Elf32_Shdr) or sizeof (Elf64_Shdr)),
    not the ELF header e_shentsize value, which can be corrupted. This
    prevents a possible overflow, but we check the shdrs_end is sane
    later anyway.

    https://sourceware.org/bugzilla/show_bug.cgi?id=28659

    Signed-off-by: Mark Wielaard

> it fixed one LGTM alert as well. I'm not sure if I mentioned this anywhere but
> LGTM builds those reports on a daily basis and those reports can be found at
> https://lgtm.com/projects/g/evverx/elfutils/alerts/?mode=tree .

Hmmm. At first I thought this was pretty useful to add to our own buildbot CI
setup. But it comes with a horribly proprietary license :{ "CodeQL can’t be
used for automated analysis, continuous integration or continuous delivery"
Sigh.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
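The calculation the commit message describes, as an added example that is not the elfutils code: the section header table end is computed from the fixed header sizes rather than from e_shentsize, then bounds-checked. The function names, the file_size bound and the premise that the overflow comes from multiplying two 16-bit header fields are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* On-disk section header sizes: sizeof (Elf32_Shdr) and sizeof (Elf64_Shdr). */
enum { SHDR32_SIZE = 40, SHDR64_SIZE = 64 };

/* Hypothetical check: would e_shnum * e_shentsize overflow if evaluated in
   int, which is what C's integer promotion does to two 16-bit operands? */
bool product_overflows_int(uint16_t e_shnum, uint16_t e_shentsize)
{
    return (uint64_t)e_shnum * e_shentsize > (uint64_t)INT_MAX;
}

/* Hypothetical helper: end offset of the section header table, computed
   without e_shentsize. file_size is an assumed upper bound for the sanity
   check. Returns false when the table cannot lie inside the file. */
bool shdrs_end_checked(bool is_elf64, uint64_t e_shoff, uint16_t e_shnum,
                       uint64_t file_size, uint64_t *end)
{
    uint64_t entsize = is_elf64 ? SHDR64_SIZE : SHDR32_SIZE;
    uint64_t table = (uint64_t)e_shnum * entsize; /* at most 65535 * 64 */

    if (e_shoff > file_size || table > file_size - e_shoff)
        return false;           /* also rules out e_shoff + table wrapping */
    *end = e_shoff + table;
    return true;
}

int main(void)
{
    uint64_t end = 0;
    /* Constructed header values, not taken from a real file. */
    printf("corrupt fields overflow int: %d\n",
           product_overflows_int(0xffff, 0xffff));
    if (shdrs_end_checked(true, 0x1000, 10, 0x2000, &end))
        printf("shdrs_end = %llu\n", (unsigned long long)end);
    printf("huge e_shoff accepted: %d\n",
           shdrs_end_checked(true, UINT64_MAX - 8, 1, UINT64_MAX, &end));
    return 0;
}
```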