bug-binutils

[Bug binutils/28687] New: Undefined behavior in bfd/dwarf1.c


From: npv1310 at gmail dot com
Subject: [Bug binutils/28687] New: Undefined behavior in bfd/dwarf1.c
Date: Mon, 13 Dec 2021 12:07:08 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28687

            Bug ID: 28687
           Summary: Undefined behavior in bfd/dwarf1.c
           Product: binutils
           Version: 2.38 (HEAD)
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: npv1310 at gmail dot com
  Target Milestone: ---

In function 'parse_die' there is undefined behavior in expressions like xptr
+ block_len < xptr. Due to variable 'block_len' being an unsigned integer, such
expressions may be completely omitted by the compiler, as demonstrated by the
following proof-of-concept:

The function

int test(char *p, unsigned int sz)
{
        return p + sz < p;
}

may be turned into the following assembly code

        .file   "test.c"
        .text
        .p2align 4,,15
        .globl  test
        .type   test, @function
test:
.LFB0:
        .cfi_startproc
        xorl    %eax, %eax
        ret
        .cfi_endproc
.LFE0:
        .size   test, .-test
        .ident  "GCC: (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0"
        .section        .note.GNU-stack,"",@progbits

by the command 

gcc -O2 -S -o- test.c

So the external function 'test' always returns 0.

To be precise, the issue comes in the code fragments labeled with
'FORM_BLOCK2' and 'FORM_BLOCK4'.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
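
A bounds check for a length-prefixed block that does not rely on the pointer comparison discussed in the report, as an added example that is not part of the original message or of binutils. The names skip_block and xptr_end and the sample byte arrays are hypothetical, and the length field is assumed to be little-endian.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not binutils code.  Only xptr and block_len are names
   from the report; everything else is hypothetical.  */

/* Read a len_size-byte (2 or 4) little-endian block length at xptr and
   step over the block.  Returns the pointer just past the block, or NULL
   if the length field or the block itself would run past xptr_end.  */
const unsigned char *
skip_block (const unsigned char *xptr, const unsigned char *xptr_end,
            unsigned int len_size)
{
  uint32_t block_len = 0;
  unsigned int i;

  if (xptr > xptr_end || (len_size != 2 && len_size != 4))
    return NULL;
  /* Is there room for the length field?  Compare sizes, not pointers.  */
  if ((size_t) (xptr_end - xptr) < len_size)
    return NULL;
  for (i = 0; i < len_size; i++)
    block_len |= (uint32_t) xptr[i] << (8 * i);
  xptr += len_size;

  /* Replaces "xptr + block_len < xptr".  Both pointers lie in the same
     buffer, so the subtraction is well defined and the compiler cannot
     drop the comparison.  */
  if (block_len > (size_t) (xptr_end - xptr))
    return NULL;
  return xptr + block_len;
}

/* Constructed sample inputs: one valid 2-byte-length block, and two
   blocks whose declared length exceeds the remaining bytes.  */
static const unsigned char ok_block2[] = { 0x03, 0x00, 'a', 'b', 'c', 0x7f };
static const unsigned char bad_block2[] = { 0xff, 0xff, 'a', 'b' };
static const unsigned char bad_block4[] = { 0xff, 0xff, 0xff, 0xff, 'a' };

int
main (void)
{
  int ok = skip_block (ok_block2, ok_block2 + sizeof ok_block2, 2) == ok_block2 + 5
           && skip_block (bad_block2, bad_block2 + sizeof bad_block2, 2) == NULL
           && skip_block (bad_block4, bad_block4 + sizeof bad_block4, 4) == NULL;
  return ok ? 0 : 1;
}
```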

