elf: Use the 64-bit wide 'seen' variable
Checks
Context |
Check |
Description |
dj/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
dj/TryBot-32bit |
success
|
Build for i686
|
Commit Message
The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
type with a value greater than 31 as it leads to wrapping and crumbling
of the 'seen' variable.
For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
(which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
value.
Using 64-bit wide 'seen' variable allows to handle such situations.
Signed-off-by: Nikita Ermakov <sh1r4s3@mail.si-head.nl>
---
elf/dl-sysdep.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
> type with a value greater than 31 as it leads to wrapping and crumbling
> of the 'seen' variable.
>
> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
> value.
>
> Using 64-bit wide 'seen' variable allows to handle such situations.
I agree with the analysis, but I'm not sure uint64_t would be the most
appropriate type in this case. I'd suggest to consider using uintmax_t
instead.
On Aug 09 2021, Dmitry V. Levin wrote:
> On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
>> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
>> type with a value greater than 31 as it leads to wrapping and crumbling
>> of the 'seen' variable.
>>
>> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
>> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
>> value.
>>
>> Using 64-bit wide 'seen' variable allows to handle such situations.
>
> I agree with the analysis, but I'm not sure uint64_t would be the most
> appropriate type in this case. I'd suggest to consider using uintmax_t
> instead.
AT_* constants can be arbitrary so no type will fit. The right way to
fix that is to check the range.
Of course, this is only relevant for non-linux configurations.
Andreas.
Hi Andreas, Dmitry,
Thank you for the comments!
I'm sorry, I was rather busy past week so couldn't reply.
On Mon, Aug 09, 2021 at 09:48:38AM +0200, Andreas Schwab wrote:
> On Aug 09 2021, Dmitry V. Levin wrote:
>
> > On Sat, Aug 07, 2021 at 05:22:23PM +0300, Nikita Ermakov via Libc-alpha wrote:
> >> The 32-bit 'seen' variable doesn't allow to check any auxiliary entry
> >> type with a value greater than 31 as it leads to wrapping and crumbling
> >> of the 'seen' variable.
> >>
> >> For example, if AT_UID (which is 11) would precede AT_L1D_CACHEGEOMETRY
> >> (which is 43), then uid would be overridden by an AT_L1D_CACHEGEOMETRY
> >> value.
> >>
> >> Using 64-bit wide 'seen' variable allows to handle such situations.
> >
> > I agree with the analysis, but I'm not sure uint64_t would be the most
> > appropriate type in this case. I'd suggest to consider using uintmax_t
> > instead.
>
> AT_* constants can be arbitrary so no type will fit. The right way to
> fix that is to check the range.
>
> Of course, this is only relevant for non-linux configurations.
>
So, if AT_* constants can be arbitrary, then we could probably skip all
constants with a value > sizeof(uintmax_t)*8 and process the rest with the uintmax_t variable?
@@ -96,12 +96,12 @@ _dl_sysdep_start (void **start_argptr,
#else
uid_t uid = 0;
gid_t gid = 0;
- unsigned int seen = 0;
+ uint64_t seen = 0;
# define set_seen_secure() (seen = -1)
# ifdef HAVE_AUX_XID
# define set_seen(tag) (tag) /* Evaluate for the side effects. */
# else
-# define M(type) (1 << (type))
+# define M(type) ((uint64_t)1 << (type))
# define set_seen(tag) seen |= M ((tag)->a_type)
# endif
#endif