dwarf-reader: gnu_hash_tab lookup: fix overflow in bloom hash calculation
Commit Message
For valid values of h1/h2 and c, the signed integer left shift
expression (1 << (h1 % c)) might overflow, exposing undefined behaviour.
Fix that by using a data type that can hold the value.
That issue had been reported by ASAN when running test-lookup-syms:
src/abg-dwarf-reader.cc:2028:50: runtime error:
shift exponent 53 is too large for 32-bit type 'int'
* src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix
signed integer overflow.
Signed-off-by: Matthias Maennich <maennich@google.com>
---
src/abg-dwarf-reader.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
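The lookup the patch touches is the `.gnu.hash` bloom-filter test: two bits derived from the symbol's hash are checked in one bloom word whose width is the ELF class width (32 or 64 bits), so the shift exponent `h1 % c` legitimately reaches 63 on ELFCLASS64 and overflows a 32-bit `int`. The following added example (written for this page, not libabigail's code) shows the same test carried out in a fixed 64-bit unsigned type. `gnu_hash` is the standard DT_GNU_HASH string hash; the `gnu_bloom` struct, the `shift2 = 6` parameter and the symbol names are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DT_GNU_HASH string hash: h = h * 33 + c, seeded with 5381, in 32-bit wrapping arithmetic. */
uint32_t gnu_hash(const char *name)
{
    uint32_t h = 5381;
    for (const unsigned char *p = (const unsigned char *)name; *p; ++p)
        h = h * 33 + *p;
    return h;
}

/* Constructed stand-in for the page's ht.* fields: the bloom words, their count,
 * the second-hash shift from the .gnu.hash header, and the word width in bits. */
typedef struct {
    uint64_t *bloom;   /* bloom words; ELFCLASS32 words only ever use the low 32 bits */
    uint32_t  nwords;  /* ht.bf_nwords */
    uint32_t  shift2;  /* h2 = h1 >> shift2 */
    uint32_t  c;       /* bits per bloom word: 32 for ELFCLASS32, 64 for ELFCLASS64 */
} gnu_bloom;

/* The two filter bits for a hash, computed in a 64-bit unsigned type so that a
 * shift exponent of up to 63 (ELFCLASS64) is a defined operation. */
uint64_t gnu_bloom_bitmask(uint32_t h1, uint32_t shift2, uint32_t c)
{
    uint32_t h2 = h1 >> shift2;
    return (UINT64_C(1) << (h1 % c)) | (UINT64_C(1) << (h2 % c));
}

/* Which bloom word holds the bits for this hash: (h1 / c) % nwords, as on the page. */
uint32_t gnu_bloom_word_index(uint32_t h1, const gnu_bloom *bf)
{
    return (h1 / bf->c) % bf->nwords;
}

/* Linker side: set the symbol's two bits when building the filter. */
void gnu_bloom_add(gnu_bloom *bf, const char *name)
{
    uint32_t h1 = gnu_hash(name);
    bf->bloom[gnu_bloom_word_index(h1, bf)] |= gnu_bloom_bitmask(h1, bf->shift2, bf->c);
}

/* Loader/reader side: if either bit is clear the symbol is definitely absent;
 * if both are set it may be present and the hash chain must be consulted. */
bool gnu_bloom_may_contain(const gnu_bloom *bf, const char *name)
{
    uint32_t h1 = gnu_hash(name);
    uint64_t mask = gnu_bloom_bitmask(h1, bf->shift2, bf->c);
    uint64_t word = bf->bloom[gnu_bloom_word_index(h1, bf)];
    return (word & mask) == mask;
}

int main(void)
{
    /* Constructed ELFCLASS64 filter: 4 words of 64 bits, shift2 = 6. */
    uint64_t words[4] = {0};
    gnu_bloom bf = { words, 4, 6, 64 };
    const char *present[] = { "printf", "malloc", "dlopen" };
    const char *probe[]   = { "printf", "malloc", "dlopen", "not_exported_sym" };

    for (size_t i = 0; i < sizeof present / sizeof *present; ++i)
        gnu_bloom_add(&bf, present[i]);

    for (size_t i = 0; i < sizeof probe / sizeof *probe; ++i) {
        uint32_t h1 = gnu_hash(probe[i]);
        printf("%-18s h1=0x%08x h1%%64=%2u mask=0x%016llx may_contain=%d\n",
               probe[i], h1, h1 % 64,
               (unsigned long long)gnu_bloom_bitmask(h1, bf.shift2, bf.c),
               gnu_bloom_may_contain(&bf, probe[i]));
    }
    return 0;
}
```

For `"printf"` the hash is `0x156b2bb8`, so `h1 % 64` is 56: exactly the kind of exponent that is undefined for a 32-bit `int` shift but fine here. Note that the mask type also has to survive the assignment; storing the result in anything narrower than the bloom word silently drops the high bits and turns the filter into a no-op for those symbols.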
Comments
Hello Matthias,
Matthias Maennich <maennich@google.com> wrote:
> For valid values of h1/h2 and c, the signed integer left shift
> expression (1 << (h1 % c)) might overflow, exposing undefined behaviour.
> Fix that by using a data type that can hold the value.
>
> That issue had been reported by ASAN when running test-lookup-syms:
> src/abg-dwarf-reader.cc:2028:50: runtime error:
> shift exponent 53 is too large for 32-bit type 'int'
>
> * src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix
> signed integer overflow.
This looks good to me. I have applied it to master.
Thanks!
@@ -2025,7 +2025,7 @@ lookup_symbol_from_gnu_hash_tab(const environment* env,
// filter, in bits.
int c = get_elf_class_size_in_bytes(elf_handle) * 8;
int n = (h1 / c) % ht.bf_nwords;
- unsigned char bitmask = (1 << (h1 % c)) | (1 << (h2 % c));
+ unsigned char bitmask = (1ul << (h1 % c)) | (1ul << (h2 % c));
// Test if the symbol is *NOT* present in this ELF file.
if ((bloom_word_at(elf_handle, ht.bloom_filter, n) & bitmask) != bitmask)
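Review bot: the `+` line still assigns the widened result to `unsigned char bitmask`, so the shift is now well-defined but its value is truncated to 8 bits: with `c` = 64 on ELFCLASS64, `h1 % c` and `h2 % c` range up to 63, and for any bit position above 7 `bitmask` loses that bit (becoming 0 when both positions are above 7), after which `(bloom_word_at(...) & bitmask) != bitmask` can no longer reject the symbol. The undefined behaviour is fixed but the bloom filter stays ineffective for most hashes. Suggest declaring `bitmask` with a type wide enough for an ELFCLASS64 bloom word (e.g. `uint64_t`) and using `1ull` or `UINT64_C(1)` rather than `1ul`, which is only 32 bits wide on LLP64 and 32-bit targets.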