From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 0D4C4389C423; Fri, 13 Nov 2020 17:03:32 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0D4C4389C423 From: "cvs-commit at gcc dot gnu.org" To: gdb-prs@sourceware.org Subject: [Bug gdb/26835] undefined behavior in arm_analyze_prologue: shift exponent 32 is too large for 32-bit type 'unsigned int' Date: Fri, 13 Nov 2020 17:03:32 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gdb X-Bugzilla-Component: gdb X-Bugzilla-Version: HEAD X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: gdb-prs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gdb-prs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Nov 2020 17:03:33 -0000 https://sourceware.org/bugzilla/show_bug.cgi?id=3D26835 --- Comment #1 from cvs-commit at gcc dot gnu.org --- The master branch has been updated by Simon Marchi : https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D9ecab40c77fd= 414fe408967d0f92f00494aa11b9 commit 9ecab40c77fd414fe408967d0f92f00494aa11b9 Author: Simon Marchi Date: Fri Nov 13 11:58:37 2020 -0500 gdb/arm: avoid undefined behavior shift when decoding immediate value When loading the code file provided in PR 26828 and GDB is build with UBSan, we get: Core was generated by `./Foo'. Program terminated with signal SIGABRT, Aborted. #0 0xb6c3809c in pthread_cond_wait () from /home/simark/build/binutils-gdb/gdb/repo/lib/libpthread.so.0 [Current thread is 1 (LWP 29367)] (gdb) bt /home/simark/src/binutils-gdb/gdb/arm-tdep.c:1551:30: runtime error: shift exponent 32 is too large for 32-bit type 'unsigned int' The sequence of instructions at pthread_cond_wait, in the libpthread.so.0 library, contains this instruction with an immediate constant with a "rotate amount" of 0: e24dd044 sub sp, sp, #68 ; 0x44 Since arm_analyze_prologue shifts by "32 - rotate amount", it does a 32 bit shift of a 32 bit type, which is caught by UBSan. Fix it by factoring out the decoding of immediates in a new function, arm_expand_immediate. I added a selftest for arm_analyze_prologue that replicates the instruction sequence. Without the fix, it crashes GDB if it is build with --enable-ubsan. I initially wanted to re-use the abstract_memory_reader class already in arm-tdep.c, used to make arm_process_record testable. However, arm_process_record and arm_analyze_prologue don't use the same kind of memory reading functions. arm_process_record uses a function that returns an error status on failure while arm_analyze_prologue uses one that throws an exception. Since i didn't want to introduce any other behavior change, I decided to just introduce a separate interface (arm_instruction_reader). It is derived from abstract_instruction_reader in aarch64-tdep.c. gdb/ChangeLog: PR gdb/26835 * arm-tdep.c (class arm_instruction_reader): New. (target_arm_instruction_reader): New. (arm_analyze_prologue): Add instruction reader parameter and use it. Use arm_expand_immediate. (class target_arm_instruction_reader): Adjust. (arm_skip_prologue): Adjust. (arm_expand_immediate): New. (arm_scan_prologue): Adjust. (arm_analyze_prologue_test): New. (class test_arm_instruction_reader): New. Change-Id: Ieb1c1799bd66f8c7421384f44f5c2777b578ff8d --=20 You are receiving this mail because: You are on the CC list for the bug.=