This is the mail archive of the
mailing list for the elfutils project.
Re: malformed elf causes invalid shiftleft in readelf -S with ubsan
- From: Josh Stone <jistone at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Sun, 25 Jan 2015 14:30:52 -0800
- Subject: Re: malformed elf causes invalid shiftleft in readelf -S with ubsan
On 01/25/2015 11:42 AM, Hanno Böck wrote:
> When compiling elfutils with undefined behaviour sanitizer
> (-fsanitize=undefined) a warning will be shown indicating an invalid
> shiftleft operation on the attached elf file:
> readelf.c:1133:28: runtime error: left shift of 1 by 31 places cannot
> be represented in type 'int'
> Tested with elfutils-0.161. This was found with zzuf.
Ah, this has nothing to do with your input -- "readelf -S readelf" also
triggers the same message.
That line is:
if (shdr->sh_flags & SHF_EXCLUDE)
That macro is:
#define SHF_EXCLUDE (1 << 31)
Now, shdr is GElf_Shdr*, a typedef of Elf64_Shdr, so sh_flags is
Elf64_Xword. Even the 32-bit case has Elf32_Word, which is unsigned so
it would be fine. But (1 << 31) will be evaluated as int *before* the
type promotion for "&". It should probably be (1U << 31) instead, and
maybe use 1U for all flags to be consistent.