Date: Sun, 8 Jul 2018 08:47:38 -0700
From: Mark Millard <marklmi@yahoo.com>
To: FreeBSD Toolchain <freebsd-toolchain@freebsd.org>
Subject: src/contrib/elftoolchain/elfcopy/sections.c underallocates for Elf64_Rela and Elf32_Rela?
Message-ID: <79954D9E-0A93-4148-A2C6-B5113E59AE28@yahoo.com>
src/contrib/elftoolchain/elfcopy/sections.c has and uses the macro:

    #define COPYREL(REL, SZ) do {                                   \
        if (nrels == 0) {                                           \
            if ((REL##SZ = malloc(cap *                             \
                sizeof(Elf##SZ##_Rel))) == NULL)                    \
                err(EXIT_FAILURE, "malloc failed");                 \
        }                                                           \
        if (nrels >= cap) {                                         \
            cap *= 2;                                               \
            if ((REL##SZ = realloc(REL##SZ, cap *                   \
                sizeof(Elf##SZ##_Rel))) == NULL)                    \
                err(EXIT_FAILURE, "realloc failed");                \
        }                                                           \
        REL##SZ[nrels].r_offset = REL.r_offset;                     \
        REL##SZ[nrels].r_info = REL.r_info;                         \
        if (s->type == SHT_RELA)                                    \
            rela##SZ[nrels].r_addend = rela.r_addend;               \
        nrels++;                                                    \
    } while (0)

The context has:

    Elf32_Rel *rel32;
    Elf64_Rel *rel64;
    Elf32_Rela *rela32;
    Elf64_Rela *rela64;

So for, say, COPYREL(rela,64), the macro uses sizeof(Elf64_Rel) instead of sizeof(Elf64_Rela) in malloc and realloc, but Elf64_Rela is the larger structure of the two Elf64_ types (by also having .r_addend).

The scan build on ci.freebsd.org complains about this:

    Result of 'realloc' is converted to a pointer of type 'Elf64_Rela', which is incompatible with sizeof operand type 'Elf64_Rel'

So far it does not look like a false-positive to me.

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went away in early 2018-Mar)
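As an added illustration that is not part of the message or of elftoolchain, the block below uses constructed stand-ins for the two ELF64 record layouts (Rel64/Rela64, same field shapes as Elf64_Rel/Elf64_Rela) to show the per-element shortfall the report describes, and a hypothetical GROW_ARRAY/copy_rela_records variant of the allocation step that sizes by the pointed-to type, so the element size always matches the array the pointer holds.

```c
#include <err.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins for the ELF64 relocation records: Rela adds a
 * signed r_addend after the two fields Rel has (24 bytes vs 16 on LP64). */
typedef struct { uint64_t r_offset; uint64_t r_info; } Rel64;
typedef struct { uint64_t r_offset; uint64_t r_info; int64_t r_addend; } Rela64;

/* Bytes an allocation of `cap` Rela records falls short by when it is
 * sized with sizeof(Rel), as the COPYREL macro does: one addend per element. */
size_t rela_alloc_deficit(size_t cap)
{
    return cap * sizeof(Rela64) - cap * sizeof(Rel64);
}

/* Allocation step keyed on the pointer's own element type instead of a
 * pasted type name, so REL##SZ and Elf##SZ##_Rel cannot drift apart.
 * Same control flow as the original (both checks run in sequence). */
#define GROW_ARRAY(PTR, CAP, N) do {                                   \
    if ((N) == 0) {                                                    \
        if (((PTR) = malloc((CAP) * sizeof(*(PTR)))) == NULL)          \
            err(EXIT_FAILURE, "malloc failed");                        \
    }                                                                  \
    if ((N) >= (CAP)) {                                                \
        (CAP) *= 2;                                                    \
        if (((PTR) = realloc((PTR), (CAP) * sizeof(*(PTR)))) == NULL)  \
            err(EXIT_FAILURE, "realloc failed");                       \
    }                                                                  \
} while (0)

/* Append n constructed addend-bearing records into a growable array and
 * return the final capacity in elements. Each r_addend store is exactly
 * the write that lands past the end of a Rel-sized buffer in the original. */
size_t copy_rela_records(size_t n, size_t initial_cap)
{
    Rela64 *rela64 = NULL;
    size_t cap = initial_cap, nrels = 0;

    for (size_t i = 0; i < n; i++) {
        GROW_ARRAY(rela64, cap, nrels);
        rela64[nrels].r_offset = i * 8;
        rela64[nrels].r_info = i;
        rela64[nrels].r_addend = -(int64_t)i;
        nrels++;
    }
    free(rela64);
    return cap;
}
```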