From patchwork Fri Mar 13 21:28:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Matthias_M=C3=A4nnich?= X-Patchwork-Id: 39035 From: maennich@google.com (Matthias Maennich) Date: Fri, 13 Mar 2020 22:28:26 +0100 Subject: [PATCH] dwarf-reader: gnu_hash_tab lookup: fix overflow in bloom hash calculation Message-ID: <20200313212826.124077-1-maennich@google.com> For valid values of h1/h2 and c, the signed integer left shift expression (1 << (h1 % c)) might overflow, exposing undefined behaviour. Fix that by using a data type that can hold the value. That issue had been reported by ASAN when running test-lookup-syms: src/abg-dwarf-reader.cc:2028:50: runtime error: shift exponent 53 is too large for 32-bit type 'int' * src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix signed integer overflow. Signed-off-by: Matthias Maennich --- src/abg-dwarf-reader.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/abg-dwarf-reader.cc b/src/abg-dwarf-reader.cc index a60f46255c16..3454fcf5cf7c 100644 --- a/src/abg-dwarf-reader.cc +++ b/src/abg-dwarf-reader.cc @@ -2025,7 +2025,7 @@ lookup_symbol_from_gnu_hash_tab(const environment* env, // filter, in bits. int c = get_elf_class_size_in_bytes(elf_handle) * 8; int n = (h1 / c) % ht.bf_nwords; - unsigned char bitmask = (1 << (h1 % c)) | (1 << (h2 % c)); + unsigned char bitmask = (1ul << (h1 % c)) | (1ul << (h2 % c)); // Test if the symbol is *NOT* present in this ELF file. if ((bloom_word_at(elf_handle, ht.bloom_filter, n) & bitmask) != bitmask)
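Review bot: the switch from `1` to `1ul` in the `bitmask` line does not fully close the overflow, because `unsigned long` is only 32 bits wide on ILP32 and LLP64 (Windows) hosts, so `1ul << (h1 % c)` remains undefined there whenever `c` is 64 (a 64-bit ELF class read on such a host); prefer `1ull` or `UINT64_C(1)`. The larger problem on the same line is that the shifted value is still assigned to `unsigned char bitmask`: since `c` is the ELF class size in bits (32 or 64), `h1 % c` and `h2 % c` range up to 63, and any bit at position 8 or above is silently discarded by the narrowing conversion. For most hash pairs `bitmask` then becomes 0 and the test `(bloom_word_at(...) & bitmask) != bitmask` can never reject an absent symbol, so the bloom filter degrades to "maybe present" for nearly every lookup (no wrong answers, but none of the intended filtering either). Suggest giving `bitmask` the width of the bloom word, e.g. `uint64_t bitmask = (UINT64_C(1) << (h1 % c)) | (UINT64_C(1) << (h2 % c));`, and comparing it against a `bloom_word_at` result of the same width. As a minor point for the description, the quoted diagnostic "shift exponent 53 is too large for 32-bit type 'int'" is UBSan's wording rather than ASan's, which is worth stating accurately so others can reproduce it with the right sanitizer.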