23320 – Incorrect usage of sizeof

Bug 23320 - Incorrect usage of sizeof

Summary: Incorrect usage of sizeof

Status:	RESOLVED FIXED

Alias:	None

Product:	elfutils
Classification:	Unclassified
Component:	general (show other bugs)
Version:	unspecified

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-06-20 17:13 UTC by serban
Modified:	2018-06-20 21:21 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description serban 2018-06-20 17:13:07 UTC

The following diff show the incorrect usages of the sizeof routine:
--> git diff src/ar.c src/nm.c src/readelf.c
diff --git a/src/ar.c b/src/ar.c
index bfb324c..58c8b11 100644
--- a/src/ar.c
+++ b/src/ar.c
@@ -919,7 +919,7 @@ do_oper_delete (const char *arfname, char **argv, int argc,
                long int instance)
 {
   bool *found = alloca (sizeof (bool) * argc);
-  memset (found, '\0', sizeof (found));
+  memset (found, '\0', sizeof (bool) * argc);
 
   /* List of the files we keep.  */
   struct armem *to_copy = NULL;
diff --git a/src/nm.c b/src/nm.c
index f78861e..6c86298 100644
--- a/src/nm.c
+++ b/src/nm.c
@@ -752,7 +752,7 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
       if (unlikely (name == NULL))
        {
          name = alloca (sizeof "[invalid sh_name 0x12345678]");
-         snprintf (name, sizeof name, "[invalid sh_name %#" PRIx32 "]",
+         snprintf (name, sizeof "[invalid sh_name 0x12345678]", "[invalid sh_name %#" PRIx32 "]",
                    gelf_getshdr (scn, &shdr_mem)->sh_name);
        }
       scnnames[elf_ndxscn (scn)] = name;
diff --git a/src/readelf.c b/src/readelf.c
index 4032bd4..69b2abb 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -4787,7 +4787,7 @@ register_info (Ebl *ebl, unsigned int regno, const Ebl_Register_Location *loc,
                                 bits ?: &ignore, type ?: &ignore);
   if (n <= 0)
     {
-      snprintf (name, sizeof name, "reg%u", loc->regno);
+      snprintf (name, REGNAMESZ, "reg%u", loc->regno);
       if (bits != NULL)
        *bits = loc->bits;
       if (type != NULL)

Comment 1 Mark Wielaard 2018-06-20 20:11:56 UTC

Thanks, but I believe you are using an old version of elfutils.
In the current code these bugs have already been fixed by:

commit 1a4d0668d18bf1090c5c08cdb5cb3ba2b8eb5410
Author: David Abdurachmanov <David.Abdurachmanov@cern.ch>
Date:   Sun Jan 13 16:44:21 2013 +0100

    ar.c (do_oper_delete): Fix num passed to memset.
    
    Signed-off-by: David Abdurachmanov <David.Abdurachmanov@cern.ch>

commit 57bd66cabf6e6b9ecf622cdbf350804897a8df58
Author: Roland McGrath <roland@hack.frob.com>
Date:   Tue Dec 11 09:42:07 2012 -0800

    nm: Fix size passed to snprintf for invalid sh_name case.
    
    Signed-off-by: Roland McGrath <roland@hack.frob.com>

commit 8d1e297a883c35eae53914a1739fdf0bfb590a6e
Author: Marek Polacek <mpolacek@redhat.com>
Date:   Tue Oct 4 05:11:42 2011 -0400

    readelf.c: Assume the right size of an array

Comment 2 serban 2018-06-20 21:12:08 UTC

Darn, yes, I cloned from another fork, don't know how.  I re-cloned from upstream and it build w/no problems now.

Comment 3 Mark Wielaard 2018-06-20 21:21:25 UTC

No worries, the issues were real. Just already solved.