From: Gary Benson
To: Tom Tromey
Cc: gdb-patches@sourceware.org
Date: Mon, 08 Oct 2018 16:34:00 -0000
Subject: Re: [PATCH] Fix buffer overrun found by Coverity
Message-ID: <20181008163422.GA8415@blade.nx>
References: <1538747591-32283-1-git-send-email-gbenson@redhat.com> <87o9c8h3y9.fsf@tromey.com>
In-Reply-To: <87o9c8h3y9.fsf@tromey.com>

Tom Tromey wrote:
> >>>>> "Gary" == Gary Benson writes:
>
> Gary> I would have committed this as obvious, but the testsuite
> Gary> doesn't exercise this piece of code; I can't realistically
> Gary> say I've regression tested this change, so I'd like another
> Gary> pair of eyes on it to be sure.
>
> What about the fission-dwp.exp board maybe?
> Or one of the other boards.

Oh, good call, it does.

> Gary> - memset (ids, 255, (DW_SECT_MAX + 1) * sizeof (int32_t));
> Gary> - memset (ids_seen, 255, (DW_SECT_MAX + 1) * sizeof (int32_t));
> Gary> + memset (ids, 255, sizeof_ids);
> Gary> + memset (ids_seen, 255, sizeof (ids_seen));
>
> Later the code does this:
>
>   if (id < DW_SECT_MIN || id > DW_SECT_MAX)
>     {
>       error (_("Dwarf Error: bad DWP hash table, bad section id %d"
> [...]
>   ids_seen[id] = i;
>   ids[i] = id;
>
> So I think it would be good to ensure that MAX_NR_V2_DWO_SECTIONS is
> >= DW_SECT_MAX + 1. At least if I'm understanding this properly.

I don't *think* it's necessary:

  ids_seen is indexed by "id", which is 1 <= id <= DW_SECT_MAX;
  ids is indexed by "i", which is 0 <= i < nr_columns,
  and nr_columns is nr_columns <= MAX_NR_V2_DWO_SECTIONS,
  so 0 <= i < MAX_NR_V2_DWO_SECTIONS.

i.e. the dimensions are right, it's just the memset which isn't.
I think!

Ok, so this one's built and regtested on RHEL 7.5 x86_64 now, with
the fission-dwp.exp board. Assuming the dimensions thing above is
correct, is this ok to commit?

Cheers,
Gary
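
Review bot: the two added memset calls take their sizes from different sources (sizeof_ids for ids, sizeof (ids_seen) for ids_seen), and neither declaration appears in the quoted hunk, so the lines shown do not confirm that sizeof_ids matches the storage ids refers to or that ids_seen is an array rather than a pointer at this point. The removed lines treated both as (DW_SECT_MAX + 1) * sizeof (int32_t), while the discussion bounds ids by MAX_NR_V2_DWO_SECTIONS; a short comment beside the memsets stating each array's dimension, or keeping the declarations in the diff context, would let the sizes be checked at a glance.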
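
The index-bounds argument in the reply above, as an added C example that is not GDB's code and not part of the thread. The functions check_columns and old_memset_overrun, the -1 return convention, the duplicate-id use of ids_seen, and the values 8 and 6 for DW_SECT_MAX and MAX_NR_V2_DWO_SECTIONS are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed values for illustration; the thread does not show the real ones.  */
enum { DW_SECT_MIN = 1, DW_SECT_MAX = 8 };
#define MAX_NR_V2_DWO_SECTIONS 6

/* Hypothetical stand-in for the column-header check quoted in the thread.
   Returns 0 on success, -1 on a malformed header.  */
int
check_columns (const int32_t *header, int nr_columns,
               int32_t ids[MAX_NR_V2_DWO_SECTIONS])
{
  int32_t ids_seen[DW_SECT_MAX + 1];

  if (nr_columns < 0 || nr_columns > MAX_NR_V2_DWO_SECTIONS)
    return -1;                  /* guarantees 0 <= i < MAX_NR_V2_DWO_SECTIONS */

  /* Size each fill from the array it fills.  ids is a parameter, so it has
     decayed to a pointer and sizeof (ids) would be the pointer size.  */
  memset (ids, 255, MAX_NR_V2_DWO_SECTIONS * sizeof (int32_t));
  memset (ids_seen, 255, sizeof (ids_seen));

  for (int i = 0; i < nr_columns; i++)
    {
      int32_t id = header[i];
      if (id < DW_SECT_MIN || id > DW_SECT_MAX)
        return -1;              /* guarantees 1 <= id <= DW_SECT_MAX */
      if (ids_seen[id] != -1)
        return -1;              /* assumed use of ids_seen: reject duplicates */
      ids_seen[id] = i;
      ids[i] = id;
    }
  return 0;
}

/* Bytes the pre-patch fill wrote past the end of ids (0 if it fit).  */
size_t
old_memset_overrun (void)
{
  size_t old_len = (DW_SECT_MAX + 1) * sizeof (int32_t);
  size_t have = MAX_NR_V2_DWO_SECTIONS * sizeof (int32_t);
  return old_len > have ? old_len - have : 0;
}

int
main (void)
{
  int32_t ids[MAX_NR_V2_DWO_SECTIONS], header[] = { 1, 3, 4 };
  return check_columns (header, 3, ids) != 0;
}
```

With these assumed constants the two arrays have different lengths, which is why one shared size expression cannot be right for both fills even though every index in the loop stays in bounds.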