From: He Jingxuan
Subject: Re: Report UBSan integer overflow bugs found by automatic tools
Date: Thu, 29 Jul 2021 15:09:40 +0000
Dear Alan,
Thanks for your information!
UBSan indeed has an option to turn on complaints about unsigned integer overflow (-fsanitize=unsigned-integer-overflow). Unsigned integer overflow has caused bugs in binutils
that were fixed (see https://sourceware.org/bugzilla/show_bug.cgi?id=24131 for example).
Based on our inspection, most bugs reported by us result in wrong offsets or addresses. The *.err files provide the exact bug location and the bug-triggering values, which
can be used to quickly decide if the bugs are true or false positives. Could you please take a deeper look into the bugs?
For example, objcopy02.err shows that the bug happens at line 397 of file bfd/bfdio.c, which causes the bfd file (variable abfd) to point to a wrong position (abfd->where overflows):
int
bfd_seek (bfd *abfd, file_ptr position, int direction)
{
  ...
  abfd->where += position; /* line 397: signed file_ptr addition, no overflow check */
  ...
}
Best,
Jingxuan
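The pattern from the report, shown with a checked alternative, as an added example that is not code from the thread or from binutils: `file_ptr`, `struct demo_bfd`, `offset_add_overflows` and `demo_bfd_seek` are constructed stand-ins that assume file_ptr is a signed 64-bit offset, and the near-limit starting offset is a constructed value, not one taken from objcopy02.err.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Constructed stand-ins for BFD's file_ptr (assumed signed 64-bit) and the
   one field of struct bfd that bfd_seek updates. Not BFD's own definitions. */
typedef int64_t file_ptr;
struct demo_bfd { file_ptr where; };

enum { DEMO_SEEK_SET = 0, DEMO_SEEK_CUR = 1 };

/* Returns true if base + delta would overflow a signed 64-bit file_ptr.
   Only comparisons are used, so the check never performs the overflowing
   addition itself (which is what UBSan would flag as undefined behaviour). */
bool offset_add_overflows(file_ptr base, file_ptr delta)
{
  if (delta > 0)
    return base > INT64_MAX - delta;
  if (delta < 0)
    return base < INT64_MIN - delta;
  return false;
}

/* Hardened form of the `abfd->where += position;` step: the seek is refused
   (return -1, the error convention of bfd_seek) instead of letting `where`
   wrap to a bogus file position. Returns 0 on success. */
int demo_bfd_seek(struct demo_bfd *abfd, file_ptr position, int direction)
{
  if (direction == DEMO_SEEK_SET)
    {
      if (position < 0)
        return -1;
      abfd->where = position;
      return 0;
    }
  /* Relative seek: the case where the addition can overflow. The second
     test is only evaluated once the addition is known not to overflow. */
  if (offset_add_overflows(abfd->where, position) || abfd->where + position < 0)
    return -1;
  abfd->where += position;
  return 0;
}

int main(void)
{
  struct demo_bfd b = { INT64_MAX - 16 };   /* constructed near-limit offset */
  int rc = demo_bfd_seek(&b, 64, DEMO_SEEK_CUR);
  printf("rc=%d where=%lld\n", rc, (long long) b.where); /* rc=-1, where unchanged */
  return 0;
}
```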