Date: Fri, 13 May 2005 15:25:00 -0000
From: Daniel Jacobowitz
To: "Cuthbertson, Reva D."
Cc: gdb@sources.redhat.com
Subject: Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
Message-ID: <20050513152532.GA8589@nevyn.them.org>
X-SW-Source: 2005-05/txt/msg00150.txt.bz2

On Fri, May 13, 2005 at 08:18:47AM -0700, Cuthbertson, Reva D. wrote:
> Hello,
>
> I had a question regarding the following assignment in
> dwarf2_mark_symbol_computed() in dwarf2read.c:
>
>     baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
>
> The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
> integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
> be an unsigned long but the "size" field in dwarf2_loclist_baton and
> dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
> short. Is it possible to overflow baton->size with the above
> calculation?

Yes, this seems possible. Size is used for overflow checking only at this
point; saturating at USHORT_MAX seems reasonable.

Have you encountered this problem?

-- 
Daniel Jacobowitz
CodeSourcery, LLC
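The following is an added illustration, not code from this thread or from GDB. It shows the narrowing the question describes (an unsigned long difference stored into an unsigned short field, which silently keeps only the low 16 bits) next to the saturating assignment the reply suggests. The struct and function names are stand-ins; the only detail borrowed from GDB is that the baton's size field is an unsigned short. The <limits.h> name for the limit is USHRT_MAX. The saturating version also clamps to 0 when the offset exceeds loc_size, a wrap-around case the mail does not discuss.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for dwarf2_locexpr_baton: the only detail reused
   from GDB is that the size field is an unsigned short. */
struct baton_like {
    const unsigned char *data;
    unsigned short size;
};

/* Mirrors the assignment quoted in the mail: loc_size (unsigned int)
   minus an unsigned long offset, computed in unsigned long and then
   implicitly narrowed to unsigned short. Any value >= 65536 wraps. */
unsigned short truncating_size(unsigned int loc_size, unsigned long offset)
{
    struct baton_like b;
    b.size = loc_size - offset;   /* high bits dropped on assignment */
    return b.size;
}

/* Saturating alternative in the spirit of the reply: clamp at USHRT_MAX
   instead of wrapping. Also clamps to 0 when offset > loc_size, since
   the unsigned subtraction would otherwise wrap to a huge value. */
unsigned short saturating_size(unsigned int loc_size, unsigned long offset)
{
    unsigned long remaining;

    if (offset > loc_size)
        remaining = 0;
    else
        remaining = loc_size - offset;

    if (remaining > USHRT_MAX)
        remaining = USHRT_MAX;

    return (unsigned short) remaining;
}

int main(void)
{
    /* Constructed inputs: a location section just over 64 KiB, offset 0. */
    unsigned int loc_size = 0x10005u;
    unsigned long offset = 0;

    printf("truncating: %u\n", truncating_size(loc_size, offset));  /* 5 */
    printf("saturating: %u\n", saturating_size(loc_size, offset));  /* 65535 */
    return 0;
}
```

The truncating form reports a 65541-byte block as 5 bytes, so a later bounds check against size would reject valid reads or accept an under-sized length; the saturating form keeps the stored size as large as the field allows.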