From owner-freebsd-toolchain@freebsd.org Sun Jul 8 16:03:54 2018
Date: Sun, 8 Jul 2018 12:03:49 -0400
From: Mark Johnston
To: Mark Millard
Cc: FreeBSD Toolchain
Subject: Re: src/contrib/elftoolchain/elfcopy/sections.c underallocates for Elf64_Rela and Elf32_Rela?
Message-ID: <20180708160349.GC18193@pesky>
References: <79954D9E-0A93-4148-A2C6-B5113E59AE28@yahoo.com>
In-Reply-To: <79954D9E-0A93-4148-A2C6-B5113E59AE28@yahoo.com>
User-Agent: Mutt/1.10.0 (2018-05-17)
List-Id: Maintenance of FreeBSD's integrated toolchain

On Sun, Jul 08, 2018 at 08:47:38AM -0700, Mark Millard via freebsd-toolchain wrote:
> src/contrib/elftoolchain/elfcopy/sections.c has and uses the macro:
> 
> 716 #define COPYREL(REL, SZ) do { \
> 717 	if (nrels == 0) { \
> 718 		if ((REL##SZ = malloc(cap * \
> 719 		    sizeof(Elf##SZ##_Rel))) == NULL) \
> 720 			err(EXIT_FAILURE, "malloc failed"); \
> 721 	} \
> 722 	if (nrels >= cap) { \
> 723 		cap *= 2; \
> 724 		if ((REL##SZ = realloc(REL##SZ, cap * \
> 725 		    sizeof(Elf##SZ##_Rel))) == NULL) \
> 726 			err(EXIT_FAILURE, "realloc failed"); \
> 727 	} \
> 728 	REL##SZ[nrels].r_offset = REL.r_offset; \
> 729 	REL##SZ[nrels].r_info = REL.r_info; \
> 730 	if (s->type == SHT_RELA) \
> 731 		rela##SZ[nrels].r_addend = rela.r_addend; \
> 732 	nrels++; \
> 733 } while (0)
> 
> The context has:
> 
> 687 	Elf32_Rel *rel32;
> 688 	Elf64_Rel *rel64;
> 689 	Elf32_Rela *rela32;
> 690 	Elf64_Rela *rela64;
> 
> So for, say, COPYREL(rela,64), the macro uses sizeof(Elf64_Rel) instead
> of sizeof(Elf64_Rela) in malloc and realloc but Elf64_Rela is the
> larger structure of the two Elf64_ types (by also having .r_addend).
> 
> The scan build on ci.freebsd.org complains about this:
> 
> Result of 'realloc' is converted to a pointer of type 'Elf64_Rela', which is incompatible with sizeof operand type 'Elf64_Rel'
> 
> So far it does not look like a false-positive to me.

Looks like a valid bug to me.  I think the following patch is needed:

diff --git a/contrib/elftoolchain/elfcopy/sections.c b/contrib/elftoolchain/elfcopy/sections.c
index b292d18693b4..92265289c7d1 100644
--- a/contrib/elftoolchain/elfcopy/sections.c
+++ b/contrib/elftoolchain/elfcopy/sections.c
@@ -716,13 +716,13 @@ filter_reloc(struct elfcopy *ecp, struct section *s)
 #define COPYREL(REL, SZ) do { \
 	if (nrels == 0) { \
 		if ((REL##SZ = malloc(cap * \
-		    sizeof(Elf##SZ##_Rel))) == NULL) \
+		    sizeof(*REL##SZ))) == NULL) \
 			err(EXIT_FAILURE, "malloc failed"); \
 	} \
 	if (nrels >= cap) { \
 		cap *= 2; \
 		if ((REL##SZ = realloc(REL##SZ, cap * \
-		    sizeof(Elf##SZ##_Rel))) == NULL) \
+		    sizeof(*REL##SZ))) == NULL) \
 			err(EXIT_FAILURE, "realloc failed"); \
 	} \
 	REL##SZ[nrels].r_offset = REL.r_offset; \
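Review bot: the two `+` lines are the right fix: taking the element size from the pointee, sizeof(*REL##SZ), ties the allocation to whichever array the macro is expanded for, so COPYREL(rela, 64) is now sized by Elf64_Rela rather than Elf64_Rel and the r_addend store at line 731 lands inside the buffer, while the Rel expansions are unchanged in effect. Two follow-ups worth considering while these lines are touched: a one-line comment above the macro saying the size is deliberately taken from the pointer, since a later cleanup could easily put the type name back, and the `cap *= 2` context line still multiplies an unchecked cap by the element size, which reallocarray(3) (or an explicit bound on cap) would cover.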
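The under-allocation described above and the sizeof(*ptr) form of the fix, as an added example in C that is not elftoolchain code: Elf64_Rel and Elf64_Rela are redefined locally with their real layouts so the block runs stand-alone, and buggy_alloc_bytes, needed_bytes, rela64_grow and fill_and_sum are hypothetical helpers written for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed stand-ins with the real ELF64 layouts (no padding). */
typedef struct { uint64_t r_offset; uint64_t r_info; } Elf64_Rel;
typedef struct { uint64_t r_offset; uint64_t r_info; int64_t r_addend; } Elf64_Rela;
/* Bytes the original COPYREL(rela, 64) passes to malloc: it names Elf64_Rel
 * although rela64 holds Elf64_Rela, so each entry is short by one r_addend. */
size_t buggy_alloc_bytes(size_t cap) { return cap * sizeof(Elf64_Rel); }
/* Bytes a rela64 array of cap entries really needs. */
size_t needed_bytes(size_t cap) { return cap * sizeof(Elf64_Rela); }
/* Hardened growth step (hypothetical helper): the element size comes from the
 * pointee, sizeof(**arr), like the patch's sizeof(*REL##SZ), so it cannot drift
 * from the array type; a capacity whose byte count would wrap is refused. */
int rela64_grow(Elf64_Rela **arr, size_t *cap, size_t want)
{
	size_t ncap = *cap ? *cap : 16;
	while (ncap < want) {
		if (ncap > SIZE_MAX / 2)
			return (-1);
		ncap *= 2;
	}
	if (ncap > SIZE_MAX / sizeof(**arr))
		return (-1);
	Elf64_Rela *p = realloc(*arr, ncap * sizeof(**arr));
	if (p == NULL)
		return (-1);
	*arr = p;
	*cap = ncap;
	return (0);
}
/* Append n constructed relocations through the hardened step and return the
 * sum of the addends read back (0 + 1 + ... + n-1), or -1 if growth failed. */
int64_t fill_and_sum(size_t n)
{
	Elf64_Rela *rela64 = NULL;
	size_t cap = 0, nrels = 0, i;
	int64_t sum = 0;
	for (i = 0; i < n; i++) {
		if (nrels >= cap && rela64_grow(&rela64, &cap, nrels + 1) != 0)
			return (free(rela64), -1);
		rela64[nrels].r_offset = i * 8;
		rela64[nrels].r_info = i;
		rela64[nrels].r_addend = (int64_t)i;
		nrels++;
	}
	for (i = 0; i < nrels; i++)
		sum += rela64[i].r_addend;
	free(rela64);
	return (sum);
}
```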