This is the mail archive of the gdb@sources.redhat.com mailing list for the GDB project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?

From: Daniel Jacobowitz <drow at false dot org>
To: "Cuthbertson, Reva D." <reva_cuthbertson at hp dot com>
Cc: gdb at sources dot redhat dot com
Date: Fri, 13 May 2005 11:25:32 -0400
Subject: Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
References: <B6C7F31B85669143825614FC8FE64929040F79D1@cacexc04.americas.cpqcorp.net>

On Fri, May 13, 2005 at 08:18:47AM -0700, Cuthbertson, Reva D. wrote:
> Hello,
> 
> I had a question regarding the following assignment in
> dwarf2_mark_symbol_computed() in dwarf2read.c:
> 
> baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
> 
> The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
> integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
> be an unsigned long but the "size" field in dwarf2_loclist_baton and
> dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
> short.  Is it possible to overflow baton->size with the above
> calculation?

Yes, this seems possible.  Size is used for overflow checking only at
this point; saturating at USHORT_MAX seems reasonable.

Have you encountered this problem?

-- 
Daniel Jacobowitz
CodeSourcery, LLC

References:
- Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
  - From: Cuthbertson, Reva D.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]