
Re: Report UBSan integer overflow bugs found by automatic tools

From: He Jingxuan
Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Thu, 29 Jul 2021 15:09:40 +0000

Dear Alan,

Thanks for your information!

UBSan indeed has an option to turn on complaints about unsigned integer overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow has caused bugs in binutils that were fixed (see https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).

Based on our inspection, most bugs reported by us result in wrong offsets or addresses. The *.err files provide exact bug location and bug triggering values, which can be used to quickly decide if the bugs are true or false positives. Could you please take a deeper look into the bugs?

For example, objcopy02.err shows that the bug happens at line 397 of file bfd/bfdio.c, which causes the bfd file (variable abfd) to point to a wrong position (abfd->where overflows):

bfd_seek (bfd *abfd, file_ptr position, int direction)
        abfd->where += position; // line 397


On 29 Jul 2021, at 16:07, Alan Modra <amodra@gmail.com> wrote:

On Thu, Jul 29, 2021 at 08:25:37AM +0000, He Jingxuan wrote:
Dear binutils developers,

How is going with analyzing and fixing these bugs? Any feedback?

See https://lists.gnu.org/archive/html/bug-binutils/2021-06/msg00149.html
Your email was flagged as being malware and not delivered to anyone.

I see all of these reports are unsigned integer overflow, which is an
odd thing for ubsan to complain about.  Overflow of unsigned integers
is not undefined behaviour!

Alan Modra
Australia Development Lab, IBM
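An added illustration of the bfd_seek case discussed in this thread (example code written for this page, not binutils source): the unchecked form mirrors "where += position" with an unsigned where and a signed position, and the checked form rejects any delta that would wrap. The file_ptr/ufile_ptr typedefs and the seek_result struct are assumptions for the example; __builtin_add_overflow is a GCC/Clang builtin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumed for this example) for bfd's signed file_ptr and
   unsigned ufile_ptr. */
typedef int64_t  file_ptr;
typedef uint64_t ufile_ptr;

/* Mirrors the unchecked update at bfdio.c line 397: "where += position".
   The conversion and addition are well defined C, but they wrap, so a
   negative or oversized delta yields a wrong position instead of an error.
   -fsanitize=unsigned-integer-overflow would flag this wrap at runtime. */
static ufile_ptr seek_unchecked(ufile_ptr where, file_ptr position)
{
    return where + (ufile_ptr) position;
}

struct seek_result {
    bool ok;            /* false: the seek would leave the file's range */
    ufile_ptr where;    /* new position, valid only when ok */
};

/* Hardened variant: compute the magnitude of a negative delta without
   overflow (INT64_MIN is handled), refuse to seek before offset 0, and
   refuse any forward move that would exceed the unsigned range. */
static struct seek_result seek_checked(ufile_ptr where, file_ptr position)
{
    struct seek_result r = { false, 0 };
    if (position < 0) {
        ufile_ptr back = (ufile_ptr) (-(position + 1)) + 1;
        if (back > where)
            return r;                      /* would seek before start */
        r.ok = true;
        r.where = where - back;
        return r;
    }
    if (__builtin_add_overflow(where, (ufile_ptr) position, &r.where))
        return r;                          /* would wrap past UINT64_MAX */
    r.ok = true;
    return r;
}

int main(void)
{
    /* Constructed input: seeking back 20 bytes from offset 10. */
    printf("unchecked: %llu\n", (unsigned long long) seek_unchecked(10, -20));
    printf("checked ok: %d\n", seek_checked(10, -20).ok);
    return 0;
}
```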
