[Bug binutils/28687] Undefined behavior in bfd/dwarf1.c


From: npv1310 at gmail dot com
Subject: [Bug binutils/28687] Undefined behavior in bfd/dwarf1.c
Date: Tue, 14 Dec 2021 16:17:10 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=28687

--- Comment #1 from Nikita Popov <npv1310 at gmail dot com> ---
I've verified the case by performing these steps:

1) Configure the project:

binutils-gdb$ ./configure CFLAGS='-g -O2' CXXFLAGS='-g -O2' LDFLAGS='-g -O2'
host_configargs='--disable-option-checking --disable-silent-rules'

2) Observe compilation command for dwarf1.c; slightly modify it to produce
assembly listing instead:

binutils-gdb/bfd$ gcc -DHAVE_CONFIG_H -I. -DBINDIR=\"/usr/local/bin\"
-DLIBDIR=\"/usr/local/lib\" -I. -I. -I./../include -DHAVE_x86_64_elf64_vec
-DHAVE_i386_elf32_vec -DHAVE_iamcu_elf32_vec -DHAVE_x86_64_elf32_vec
-DHAVE_i386_pei_vec -DHAVE_x86_64_pe_vec -DHAVE_x86_64_pei_vec
-DHAVE_l1om_elf64_vec -DHAVE_k1om_elf64_vec -DHAVE_elf64_le_vec
-DHAVE_elf64_be_vec -DHAVE_elf32_le_vec -DHAVE_elf32_be_vec -W -Wall
-Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wstack-usage=262144 -Werror
-I./../zlib -g -O2 -S dwarf1.c -o-

3) The C fragment

268:    case FORM_BLOCK4:
269:      if (xptr + 4 <= aDiePtrEnd)
270:        {
271:          block_len = bfd_get_32 (abfd, xptr);
272:          if (xptr + block_len > aDiePtrEnd
273:              || xptr + block_len < xptr)
274:            return false;
275:          xptr += block_len;
276:        }
277:      xptr += 4;
278:      break;

is turned into

.LVL22:
        .loc 1 272 0
        movl    %eax, %eax
        addq    %rax, %r14
.LVL23:
        cmpq    %r14, %r12
        jb      .L4
.LVL24:
.L19:
        .loc 1 277 0
        leaq    4(%r14), %rbx

by gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)

Note that the condition 'xptr + block_len < xptr' is completely omitted as is
clear from the assembly location markers.

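An added example, not part of the original comment or of binutils: one way to write the FORM_BLOCK4 bounds check so that it does not rely on pointer wraparound and so cannot be optimized away. The names skip_block4, get_le32 and next_offset, the little-endian read standing in for bfd_get_32, and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for bfd_get_32: little-endian 32-bit read. */
static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: skip a 4-byte length field plus that many bytes.
   Returns the position just past the block, or NULL if it does not fit.
   A test like `xptr + block_len < xptr` can only be true once the pointer
   sum has wrapped, which is undefined, so the compiler may assume it is
   false. Comparing the untrusted length with the remaining byte count
   never forms an out-of-range pointer. Caller guarantees xptr <= end. */
const unsigned char *skip_block4(const unsigned char *xptr,
                                 const unsigned char *end)
{
    size_t remaining = (size_t)(end - xptr);
    if (remaining < 4)
        return NULL;
    uint32_t block_len = get_le32(xptr);
    if (block_len > remaining - 4)
        return NULL;
    return xptr + 4 + block_len;
}

/* Constructed sample inputs. */
static const unsigned char ok_block[]  = { 3, 0, 0, 0, 0xAA, 0xBB, 0xCC, 0x11 };
static const unsigned char bad_block[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xAA };
static const unsigned char short_hdr[] = { 1, 0, 0 };

/* Offset of the byte following the block, or -1 when it is rejected. */
long next_offset(const unsigned char *buf, size_t len)
{
    const unsigned char *next = skip_block4(buf, buf + len);
    return next ? (long)(next - buf) : -1;
}

int main(void)
{
    printf("ok=%ld bad=%ld short=%ld\n",
           next_offset(ok_block, sizeof ok_block),
           next_offset(bad_block, sizeof bad_block),
           next_offset(short_hdr, sizeof short_hdr));
    return 0;
}
```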