diff mbox series

dwarf-reader: gnu_hash_tab lookup: fix overflow in bloom hash calculation

Message ID 20200313212826.124077-1-maennich@google.com
State Committed
Headers show
Series dwarf-reader: gnu_hash_tab lookup: fix overflow in bloom hash calculation | expand

Commit Message

Matthias Maennich March 13, 2020, 9:28 p.m. UTC
For valid values of h1/h2 and c, the signed integer left shift
expression (1 << (h1 % c)) might overflow, exposing undefined behaviour.
Fix that by using a data type that can hold the value.

That issue had been reported by ASAN when running test-lookup-syms:
	src/abg-dwarf-reader.cc:2028:50: runtime error:
		shift exponent 53 is too large for 32-bit type 'int'

	* src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix
	signed integer overflow.

Signed-off-by: Matthias Maennich <maennich@google.com>
---
 src/abg-dwarf-reader.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Dodji Seketeli March 17, 2020, 5:35 p.m. UTC | #1
Hello Matthias,

Matthias Maennich <maennich@google.com> a ?crit:

> For valid values of h1/h2 and c, the signed integer left shift
> expression (1 << (h1 % c)) might overflow, exposing undefined behaviour.
> Fix that by using a data type that can hold the value.
>
> That issue had been reported by ASAN when running test-lookup-syms:
> 	src/abg-dwarf-reader.cc:2028:50: runtime error:
> 		shift exponent 53 is too large for 32-bit type 'int'
>
> 	* src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix
> 	signed integer overflow.

This looks good to me.  I have applied it to master.

Thanks!
diff mbox series

Patch

diff --git a/src/abg-dwarf-reader.cc b/src/abg-dwarf-reader.cc
index a60f46255c16..3454fcf5cf7c 100644
--- a/src/abg-dwarf-reader.cc
+++ b/src/abg-dwarf-reader.cc
@@ -2025,7 +2025,7 @@  lookup_symbol_from_gnu_hash_tab(const environment*		env,
   // filter, in bits.
   int c = get_elf_class_size_in_bytes(elf_handle) * 8;
   int n =  (h1 / c) % ht.bf_nwords;
-  unsigned char bitmask = (1 << (h1 % c)) | (1 << (h2 % c));
+  unsigned char bitmask = (1ul << (h1 % c)) | (1ul << (h2 % c));
 
   // Test if the symbol is *NOT* present in this ELF file.
   if ((bloom_word_at(elf_handle, ht.bloom_filter, n) & bitmask) != bitmask)