Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Thu, 29 Jul 2021 15:09:40 +0000
Thanks for your information!
UBSan indeed has an option to turn on complaints about unsigned integer overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow has caused bugs in binutils that were fixed (see https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
Based on our inspection, most bugs reported by us result in wrong offsets or addresses. The *.err files provide exact bug location and bug triggering values, which can be used to quickly decide if the bugs are true or false positives. Could you please take a deeper look into the bugs?
For example, objcopy02.err shows that the bug happens at line 397 of file bfd/bfdio.c, which causes the bfd file (variable abfd) to point to a wrong position (abfd->where overflows):

bfd_seek (bfd *abfd, file_ptr position, int direction)
  ...
  abfd->where += position; // line 397
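As an added illustration (not binutils code and not part of this message), the following C sketch models the unchecked offset update at the reported line beside a checked variant that refuses a seek whose result would overflow or go negative. The types fake_bfd and try_seek, and the assumption that file_ptr is a 64-bit signed offset, are mine; they stand in for the real bfd and file_ptr types only to make the arithmetic runnable on its own.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: file_ptr is a 64-bit signed file offset. */
typedef int64_t file_ptr;

/* Hypothetical stand-in for the bfd object; only the field the
   reported line touches is modelled. */
typedef struct {
    file_ptr where;   /* current logical file position */
} fake_bfd;

/* Mirrors the unchecked update at the reported line: the addition
   is plain signed arithmetic, so a large position wraps (and is
   undefined behaviour, which -fsanitize=signed-integer-overflow
   flags at run time). Callers must only pass non-overflowing input. */
file_ptr unchecked_seek(fake_bfd *abfd, file_ptr position)
{
    abfd->where += position;
    return abfd->where;
}

/* Hardened variant: a checked add rejects the seek when the new
   offset would overflow or become negative, leaving abfd->where
   unchanged. Returns 0 on success, -1 on rejection. */
int checked_seek(fake_bfd *abfd, file_ptr position)
{
    file_ptr new_where;
    if (__builtin_add_overflow(abfd->where, position, &new_where))
        return -1;                /* overflow would have occurred */
    if (new_where < 0)
        return -1;                /* a file offset is never negative */
    abfd->where = new_where;
    return 0;
}

/* Convenience wrapper for experiments: start from `start`, apply the
   checked seek by `position`, and return the resulting offset, or -1
   if the seek was rejected. */
file_ptr try_seek(file_ptr start, file_ptr position)
{
    fake_bfd b = { .where = start };
    if (checked_seek(&b, position) != 0)
        return -1;
    return b.where;
}

int main(void)
{
    /* Constructed inputs: a small legitimate seek and an
       overflow-triggering one, the latter rejected by the check. */
    printf("ok   : %lld\n", (long long)try_seek(100, 50));
    printf("huge : %lld\n", (long long)try_seek(100, INT64_MAX));
    printf("neg  : %lld\n", (long long)try_seek(100, -200));
    return 0;
}
```

The check is deliberately placed before the store so that a rejected seek leaves the object in its previous state; a caller that ignores the return value then at worst re-reads the old position rather than an attacker-controlled one.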