bug-binutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug gas/30857] Use of uninitialized memory

From: jacob at jacob dot remcomp.fr
Subject: [Bug gas/30857] Use of uninitialized memory
Date: Fri, 15 Sep 2023 10:53:50 +0000 
https://sourceware.org/bugzilla/show_bug.cgi?id=30857

--- Comment #1 from jacob at jacob dot remcomp.fr ---
Wow, actually, bugzilla goes into this group!

What is the point then of telling me to « go to bugzilla » ???

I just do not understand this group really.

Jacob


> Le 15 sept. 2023 à 12:48, jacob at jacob dot remcomp.fr 
> <sourceware-bugzilla@sourceware.org> a écrit :
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=30857
> 
>            Bug ID: 30857
>           Summary: Use of uninitialized memory
>           Product: binutils
>           Version: 2.15
>            Status: UNCONFIRMED
>          Severity: normal
>          Priority: P2
>         Component: gas
>          Assignee: unassigned at sourceware dot org
>          Reporter: jacob at jacob dot remcomp.fr
>  Target Milestone: ---
> 
> FUNCTION: riscv_ip_hardcode
> FILE: gas/config/tc-riscv.c LINE: 3682
> Problem: Usage of uninitialized memory.
> Variable: Local variable of type "riscv_opcode *" insn.
> 
> Description:
> This variable is initialized with a call to XNEW(struct riscv_opcode);
> 3721:   insn = XNEW(struct riscv_opcode);
> All fields of this structure are garbage since we called malloc.
> The next line initializes ONE of those fields:
> 3722:   insn->match = values[num - 1];
> Then, a call to "create_insn" is done:
>        create_insn(ip,insn);
> The function "create_insn" initializes its left argument with the values of
> its right argument. In this case however, it will "initialize" its left
> argument with a structure that contains mostly garbage since only ONE field
> has been really initialized!
> 
> There is only ONE place where riscv_ip_hardcode is called: in function
> s_riscv_insn. After the call, s_riscv_insn assumes that insn has been
> correctly initialized and makes:
> 4868:   gas_assert(insn.insn_mo->pinfo != INSN_MACRO);
> without realizing that insn.insn_mo->pinfo is a garbage value.
> 
> Analysis: Garbage values are unlike to be 0xffffffff, the value of 
> INSN_MACRO, so in most cases this inequality will be true, and the code
> continues to run as if nothing would be wrong. In some cases the code
> will fail with an "assertion failed" message. Since this bug is not
> reproducible... any bug reports will be discarded.
> 
> HOW TO FIX:
> 1) Intead of calling XNEW call XCNEW that calls calloc instead of malloc.
>  This will ensure that the inequality will fail.
> 2) Initialize all values to sensible values. This is much more difficult and
>  involves much more effort, probably for nothing since those values aren't
>  used.
> 
> -- 
> You are receiving this mail because:
> You reported the bug.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]