From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Cuthbertson, Reva D."
To: "Daniel Jacobowitz"
Subject: RE: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?
Date: Fri, 13 May 2005 15:37:00 -0000
Mailing-List: contact gdb-help@sources.redhat.com; run by ezmlm
X-SW-Source: 2005-05/txt/msg00151.txt.bz2

Yes, I ran into the problem. I tried changing the declaration of the "size" field in dwarf2_loclist_baton and dwarf2_locexpr_baton in dwarf2loc.h to be an unsigned integer instead and that seemed to fix the problem I encountered. Do you think this is a reasonable solution?

Thanks!

Reva Cuthbertson
reva.cuthbertson@hp.com

-----Original Message-----
From: Daniel Jacobowitz [mailto:drow@false.org]
Sent: Friday, May 13, 2005 8:26 AM
To: Cuthbertson, Reva D.
Cc: gdb@sources.redhat.com
Subject: Re: Is it possible to overflow baton->size in dwarf_mark_symbols_computed() in dwarf2read.c?

On Fri, May 13, 2005 at 08:18:47AM -0700, Cuthbertson, Reva D. wrote:
> Hello,
>
> I had a question regarding the following assignment in
> dwarf2_mark_symbol_computed() in dwarf2read.c:
>
> baton->size = dwarf2_per_objfile->loc_size - DW_UNSND (attr);
>
> The field "loc_size" in dwarf2_per_objfile is declared to be an unsigned
> integer and attr.u.unsnd (expansion of DW_UNSND (attr)) is declared to
> be an unsigned long but the "size" field in dwarf2_loclist_baton and
> dwarf2_locexpr_baton defined in dwarf2loc.h is defined to be an unsigned
> short. Is it possible to overflow baton->size with the above
> calculation?

Yes, this seems possible. Size is used for overflow checking only at this point; saturating at USHORT_MAX seems reasonable. Have you encountered this problem?

-- 
Daniel Jacobowitz
CodeSourcery, LLC
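The truncation the thread is about, and the two remedies it discusses (saturating the narrow field, or widening it), as an added stand-alone example. This is not GDB code: the structs below only mimic the field types named in the thread (an unsigned int loc_size, an unsigned long offset from DW_UNSND, an unsigned short size), the helper names are made up, and the `offset > loc_size` guard is an extra defensive check the thread does not mention. The standard limit constant is USHRT_MAX from limits.h (the message writes it as USHORT_MAX).

```c
#include <limits.h>
#include <stdio.h>

/* Field types as described in the thread (layout is illustrative only). */
struct per_objfile_like { unsigned int loc_size; };          /* .debug_loc size */
struct baton_narrow     { unsigned short size; };            /* original field */
struct baton_wide       { unsigned int size; };              /* widened field */

/* Original behaviour: loc_size is promoted to unsigned long for the
 * subtraction, then the unsigned long result is stored into an unsigned
 * short. C defines that conversion as reduction modulo 65536, so the
 * value silently wraps and no diagnostic is produced. */
unsigned short compute_size_truncating(unsigned int loc_size, unsigned long offset)
{
    struct baton_narrow b;
    b.size = loc_size - offset;                 /* implicit narrowing */
    return b.size;
}

/* Remedy discussed in the thread: keep the unsigned short but saturate.
 * The offset > loc_size guard is an added check, not from the thread:
 * without it the unsigned subtraction wraps to a huge value first. */
unsigned short compute_size_saturating(unsigned int loc_size, unsigned long offset)
{
    if (offset > loc_size)
        return 0;                               /* malformed offset: empty */
    unsigned long len = (unsigned long) loc_size - offset;
    if (len > USHRT_MAX)
        return USHRT_MAX;                       /* clamp instead of wrap */
    return (unsigned short) len;
}

/* Remedy Reva tried: widen the field so the full value fits. */
unsigned int compute_size_widened(unsigned int loc_size, unsigned long offset)
{
    struct baton_wide b;
    if (offset > loc_size)
        return 0;                               /* same added guard */
    b.size = loc_size - (unsigned int) offset;
    return b.size;
}

/* Detection helper: would the original assignment lose information? */
int size_would_truncate(unsigned int loc_size, unsigned long offset)
{
    if (offset > loc_size)
        return 1;                               /* wraps negative */
    return ((unsigned long) loc_size - offset) > USHRT_MAX;
}

int main(void)
{
    /* Constructed sample: a .debug_loc section of 131072 bytes and a
     * location list starting at offset 1000, so 130072 bytes remain. */
    unsigned int loc_size = 131072u;
    unsigned long offset = 1000ul;

    printf("truncating : %u\n", compute_size_truncating(loc_size, offset));
    printf("saturating : %u\n", compute_size_saturating(loc_size, offset));
    printf("widened    : %u\n", compute_size_widened(loc_size, offset));
    printf("truncates? : %d\n", size_would_truncate(loc_size, offset));
    return 0;
}
```

The practical point for a reviewer is that `size_would_truncate` returns true for any section larger than 64 KiB, which is ordinary for debug info, so the narrow field fails on realistic input rather than only on malformed files; a bounds check downstream that trusts the wrapped size is comparing against the wrong limit.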