| Summary: | Two issues found by AddressSanitizer | | |
|---|---|---|---|
| Product: | binutils | Reporter: | Markus Trippelsdorf <markus> |
| Component: | ld | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | amodra |
| Priority: | P2 | | |
| Version: | 2.25 | | |
| Target Milestone: | --- | | |
| Host: | | Target: | |
| Build: | | Last reconfirmed: | |
Description (Markus Trippelsdorf, 2014-10-03 06:51:48 UTC)
Fix for 2)

diff --git a/binutils/readelf.c b/binutils/readelf.c
index d9c12cc8da61..1a4c4b6bea0c 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -4400,7 +4400,7 @@ process_program_headers (FILE * file)
 	    error (_("Internal error: failed to create format string to display program interpreter\n"));
 
 	  program_interpreter[0] = 0;
-	  if (fscanf (file, fmt, program_interpreter) <= 0)
+	  if (fscanf (file, fmt, program_interpreter - 1) <= 0)
 	    error (_("Unable to read program interpreter name\n"));
 
 	  if (do_segments)

Please disregard comment2. Here's a list of issues found with -fsanitize=undefined:

libbfd.c:739:10: runtime error: signed integer overflow: 9223372036854775804 - -9223372036854775808 cannot be represented in type 'long'
read.c:1707:24: runtime error: left shift of 2 by 63 places cannot be represented in type 'offsetT' (aka 'long')
write.c:2312:17: runtime error: left shift of negative value -1
config/tc-i386.c:1978:27: runtime error: left shift of negative value -1
config/tc-i386.c:1979:22: runtime error: left shift of negative value -1
config/tc-i386.c:1979:53: runtime error: left shift of negative value -1
cp-demangle.c:4059:47: runtime error: variable length array bound evaluates to non-positive value 0
cp-demangle.c:4060:49: runtime error: variable length array bound evaluates to non-positive value 0
dwarf.c:262:19: runtime error: left shift of negative value -1
dwarf.c:2669:23: runtime error: left shift of 251 by 24 places cannot be represented in type 'int'
elflink.c:78:12: runtime error: member access within null pointer of type 'struct elf_link_hash_entry'
expr.c:1024:31: runtime error: negation of -9223372036854775808 cannot be represented in type 'offsetT' (aka 'long'); cast to an unsigned type to negate this value to itself

Possible fix for 2)

diff --git a/binutils/readelf.c b/binutils/readelf.c
index d9c12cc8da61..924d45f8c180 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -179,7 +179,7 @@ static Elf_Internal_Sym * dynamic_symbols;
 static Elf_Internal_Syminfo * dynamic_syminfo;
 static unsigned long dynamic_syminfo_offset;
 static unsigned int dynamic_syminfo_nent;
-static char program_interpreter[PATH_MAX];
+static char program_interpreter[PATH_MAX + 1];
 static bfd_vma dynamic_info[DT_ENCODING];
 static bfd_vma dynamic_info_DT_GNU_HASH;
 static bfd_vma version_info[16];

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".

The branch, master has been updated
       via  9495b2e66f772783eb89cfa755e1e09641fa44eb (commit)
      from  daf5e10e4cb2c5e502950dae5da5936d9a3d5a79 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9495b2e66f772783eb89cfa755e1e09641fa44eb

commit 9495b2e66f772783eb89cfa755e1e09641fa44eb
Author: Alan Modra <amodra@gmail.com>
Date:   Tue Oct 14 13:30:57 2014 +1030

    Correct fscanf char field count

    %<number>s as an fscanf format does not include the trailing NULL.
    PATH_MAX does include the trailing NULL.

    PR 17453
    * readelf.c (process_program_headers): Correct fscanf format used
    for interpreter.

-----------------------------------------------------------------------

Summary of changes:
 binutils/ChangeLog | 10 ++++++++--
 binutils/readelf.c |  2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".
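Review bot: in the first patch ("Fix for 2)"), the `+` line `if (fscanf (file, fmt, program_interpreter - 1) <= 0)` passes a pointer one byte before the start of a static array, so the first character scanned is stored out of bounds and the terminating NUL lands on what used to be the overflowing byte; forming that pointer is itself undefined, and the overrun has moved rather than gone away. The thing to change is the field width in `fmt`, not the destination: `%<n>s` stores n characters and then a NUL, so n must be at most `sizeof program_interpreter - 1`.

Review bot: in the second patch ("Possible fix for 2)"), growing the array to `PATH_MAX + 1` does leave room for the NUL that a `%<PATH_MAX>s` conversion appends, but it repairs the declaration rather than the call, and keeps `fmt` and the buffer size in agreement only by coincidence: anyone who later resizes the array, or reads it elsewhere assuming PATH_MAX bytes, reintroduces the overrun. Deriving the width from the buffer size where `fmt` is built (`sizeof program_interpreter - 1`) keeps the two in step, which is the direction the committed fix ("Correct fscanf char field count") takes.

The field-count rule that commit message states, as an added example in C; this is not readelf.c or any other binutils code, and `sample_interp`, `canary_clobbered` and `read_interp` are this example's own names. The first function shows the overrun with a width equal to the buffer size, using a one-byte canary after the buffer (inside a larger array, so even the bad case stays within defined behaviour); the second shows the corrected pattern of deriving the width from the destination size.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not binutils code.  A "%<width>s" conversion stores up to
   width characters and then appends a NUL, so it touches width + 1 bytes of
   its destination: a width equal to the array size is an off-by-one. */

/* Constructed input standing in for a PT_INTERP path; longer than the
   8-byte buffer used below so that truncation is exercised. */
static const char *const sample_interp = "/lib64/ld-linux-x86-64.so.2";

/* Scan sample_interp with the given field width into mem[0..7], treating
   mem[8] as a canary for "whatever follows the buffer".  mem itself is 9
   bytes, so even the bad width stays within defined behaviour.  Returns 1
   if the canary was overwritten, 0 if not, -1 if the scan failed. */
int canary_clobbered(unsigned width)
{
    char mem[9];
    char fmt[16];

    memset(mem, 'C', sizeof mem);
    /* Build "%<width>s" at run time, the way readelf builds its fmt. */
    snprintf(fmt, sizeof fmt, "%%%us", width);
    if (sscanf(sample_interp, fmt, mem) != 1)
        return -1;
    return mem[8] != 'C';
}

/* Corrected pattern: derive the width from the destination size, leaving
   one byte for the NUL.  Returns the number of characters stored, or -1. */
int read_interp(const char *input, char *buf, size_t bufsize)
{
    char fmt[32];

    if (bufsize < 2)
        return -1;
    if (snprintf(fmt, sizeof fmt, "%%%zus", bufsize - 1) >= (int) sizeof fmt)
        return -1;
    buf[0] = '\0';
    if (sscanf(input, fmt, buf) != 1)
        return -1;
    return (int) strlen(buf);
}

/* read_interp into an 8-byte buffer must store exactly 7 characters and
   leave the result NUL-terminated; returns 1 when it does. */
int read_interp_demo_ok(void)
{
    char buf[8];
    int n = read_interp(sample_interp, buf, sizeof buf);
    return n == 7 && strcmp(buf, "/lib64/") == 0;
}

int main(void)
{
    printf("width 8 into an 8-byte buffer overwrites the next byte: %d\n",
           canary_clobbered(8));
    printf("width 7 into an 8-byte buffer overwrites the next byte: %d\n",
           canary_clobbered(7));
    printf("read_interp with the derived width behaves: %d\n",
           read_interp_demo_ok());
    return 0;
}
```

The same width rule applies to `fscanf` on a FILE: the library call, not the source of the characters, is what appends the NUL, so `sscanf` on a constructed string reproduces the bug faithfully.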
The branch, master has been updated
       via  65879393f04e14a9ab8797a8e66e0ec8d94108b5 (commit)
      from  9495b2e66f772783eb89cfa755e1e09641fa44eb (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65879393f04e14a9ab8797a8e66e0ec8d94108b5

commit 65879393f04e14a9ab8797a8e66e0ec8d94108b5
Author: Alan Modra <amodra@gmail.com>
Date:   Tue Oct 14 13:36:20 2014 +1030

    Avoid undefined behaviour with signed expressions

    PR 17453
    bfd/
    * libbfd.c (COERCE16, COERCE32, COERCE64): Use unsigned types.
    (EIGHT_GAZILLION): Delete.
    binutils/
    * dwarf.c (read_leb128): Avoid signed overflow.
    (read_debug_line_header): Likewise.
    gas/
    * config/tc-i386.c (fits_in_signed_long): Use unsigned param and
    expression to avoid signed overflow.
    (fits_in_signed_byte, fits_in_unsigned_byte, fits_in_unsigned_word,
    fits_in_signed_word, fits_in_unsigned_long): Similarly.
    * expr.c (operand <'-'>): Avoid signed overflow.
    * read.c (s_comm_internal): Likewise.

-----------------------------------------------------------------------

Summary of changes:
 bfd/ChangeLog        |  6 ++++++
 bfd/libbfd.c         |  7 +++----
 binutils/ChangeLog   |  6 ++++++
 binutils/dwarf.c     |  8 ++------
 gas/ChangeLog        | 10 ++++++++++
 gas/config/tc-i386.c | 25 ++++++++++++-------------
 gas/expr.c           |  3 ++-
 gas/read.c           |  2 +-
 gas/write.c          |  2 +-
 9 files changed, 43 insertions(+), 26 deletions(-)

Thanks Markus. I've fixed most of these issues, and opened pr17482 for the x86_64 tls problem. I haven't fixed the -fsanitize=undefined problem with libiberty/cp-demangle.c. These should be reported in gcc's bugzilla. I also haven't fixed the elflink.c -fsanitize=undefined error since I think that one may be a bug in the sanitizer.
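The technique behind the second commit ("use unsigned types", "unsigned param and expression to avoid signed overflow"), as an added example in C that is not bfd or gas code: sign extension, "fits in a signed field" checks and negation are all done on uint64_t, where wrap-around is defined, and only converted back to a signed type at the end. `to_signed`, `sign_extend`, `fits_in_signed_bits` and `safe_negate` are this example's own names and generalise the per-width COERCE and fits_in_* helpers to any width from 1 to 64 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not bfd/gas code.  Every arithmetic step below runs on
   uint64_t so that no shift, subtraction or negation touches a negative
   signed operand; widths are assumed to be in 1..64. */

/* Reinterpret a 64-bit two's complement bit pattern as int64_t without
   relying on the implementation-defined conversion of out-of-range values. */
int64_t to_signed(uint64_t u)
{
    if (u <= (uint64_t) INT64_MAX)
        return (int64_t) u;
    /* UINT64_MAX - u is below 2^63, so the negation cannot overflow. */
    return -(int64_t) (UINT64_MAX - u) - 1;
}

/* Sign-extend the low `bits` bits of x.  The xor/subtract idiom is the
   COERCE-style trick; in uint64_t the subtraction simply wraps when the
   sign bit is set, which is exactly the extension wanted. */
int64_t sign_extend(uint64_t x, unsigned bits)
{
    uint64_t mask = bits >= 64 ? UINT64_MAX : ((uint64_t) 1 << bits) - 1;
    uint64_t sign = (uint64_t) 1 << (bits - 1);
    return to_signed(((x & mask) ^ sign) - sign);
}

/* Does the two's complement value in `num` fit in a signed field of
   `bits` bits?  Adding half the range maps [-2^(bits-1), 2^(bits-1)-1]
   onto [0, 2^bits-1], so a single unsigned compare decides it; for
   bits == 64 the expression 2 * half - 1 wraps to UINT64_MAX, which is
   the right answer (everything fits). */
int fits_in_signed_bits(uint64_t num, unsigned bits)
{
    uint64_t half = (uint64_t) 1 << (bits - 1);
    return num + half <= 2 * half - 1;
}

/* Negate through unsigned so INT64_MIN negates to itself instead of
   tripping "negation of -9223372036854775808 cannot be represented". */
int64_t safe_negate(int64_t v)
{
    return to_signed(-(uint64_t) v);
}

int main(void)
{
    printf("sign_extend(0xfffffffc, 32) = %lld\n",
           (long long) sign_extend(0xfffffffcu, 32));
    printf("fits_in_signed_bits(-129, 8) = %d\n",
           fits_in_signed_bits((uint64_t) -129, 8));
    printf("safe_negate(INT64_MIN) == INT64_MIN: %d\n",
           safe_negate(INT64_MIN) == INT64_MIN);
    return 0;
}
```

Compiling this with -fsanitize=undefined stays silent on every input, including the INT64_MIN negation and the 32-bit pattern with its top bit set, because the only signed operations left are conversions of in-range values.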