https://sourceware.org/bugzilla/show_bug.cgi?id=31009
--- Comment #6 from Michael Matz <matz at suse dot de> ---

(In reply to Jonny Weir from comment #5)

> Ignore that last message, it is misleading, this is a more accurate
> representation of what is happening with the values:

Ah, yes. I was suspecting already that you were printing the value*2/3.

Anyway:

> bfdtab->count + 1 = 1598 | table->nbuckets = 524288 | table->nbuckets * 2 / 3 = 349525
> bfdtab->count + 1 = 1599 | table->nbuckets = 2147483648 | table->nbuckets * 2 / 3 = 0

Yeez! One of the input sections is projected to possibly add 2 billion strings.

Can you perhaps add some printfs to sec_merge_maybe_resize (the only place that does increase nbuckets)? Similar to below, maybe also add printfs for each early-out (all the 'return false' in there). And then we need to trace why the overflow isn't detected earlier (I tried to make it so that it does, obviously I failed, that's what the 'return false' are for, after all) and isn't gracefully handled.

diff --git a/bfd/merge.c b/bfd/merge.c index 722e6659486..b36cee49b3a 100644 --- a/bfd/merge.c +++ b/bfd/merge.c @@ -175,12 +175,14 @@ sec_merge_maybe_resize (struct sec_merge_hash *table, unsigned added) uint64_t *newl; unsigned long alloc; + printf ("XXX resize 1: count=%u added=%u newnb=%lu\n", bfdtab->count, added, newnb); while (bfdtab->count + added > newnb * 2 / 3) { newnb *= 2; if (!newnb) return false; } + printf ("XXX resize 2: newnb=%lu\n", newnb); alloc = newnb * sizeof (newl[0]); if (alloc / sizeof (newl[0]) != newnb)
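Review bot: the early-out `if (!newnb) return false;` inside the loop only fires when the `unsigned long` value of `newnb` wraps all the way to zero, but the values quoted above (`table->nbuckets = 2147483648` followed by `table->nbuckets * 2 / 3 = 0`) show the arithmetic wrapping at 32 bits, which suggests the overflow happens where the 64-bit `newnb` is narrowed back into `table->nbuckets` rather than in this loop. The second printf would be more useful if it also printed `table->nbuckets` after the assignment (and `sizeof (table->nbuckets)`), and the narrowing itself deserves a guard of the form `if (newnb > max-of-nbuckets-type) return false;` before the store. Minor: `fprintf (stderr, ...)` keeps the trace from interleaving with the linker's own stdout.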
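As an added illustration of the growth-loop behaviour discussed in this comment (it is not bfd's code and not part of the thread), the following standalone C model reproduces the `count + added > newnb * 2 / 3` doubling loop with the checks a reviewer would want: the doubled value is computed in 64 bits, then rejected if it would not fit the narrower field it is stored back into, and the allocation size is checked against `SIZE_MAX`. The 32-bit `bucket_count_t` storage type, the function name `checked_resize` and the sample inputs are assumptions chosen to mirror the quoted numbers (524288 buckets, roughly a billion added strings).

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed: the table stores its bucket count in a 32-bit field, while the
   resize loop works in 64 bits.  This is a hypothetical model, not bfd's. */
typedef uint32_t bucket_count_t;

/* Return the smallest power-of-two multiple of nbuckets (>= nbuckets) that
   keeps load factor (count + added) / nbuckets at or below 2/3, or 0 when
   growing would overflow the storage type or the allocation size. */
bucket_count_t checked_resize(uint32_t count, uint32_t added, bucket_count_t nbuckets)
{
    uint64_t needed = (uint64_t)count + added;   /* cannot overflow in 64 bits */
    uint64_t newnb = nbuckets;

    if (newnb == 0)
        return 0;                                /* degenerate table */

    /* At loop entry newnb <= UINT32_MAX, so newnb * 2 fits comfortably in 64 bits. */
    while (needed > newnb * 2 / 3) {
        newnb *= 2;
        if (newnb > UINT32_MAX)
            return 0;                            /* would be truncated on store */
    }

    /* Each bucket holds a uint64_t key/length entry: check the byte size too. */
    if (newnb > SIZE_MAX / sizeof(uint64_t))
        return 0;

    return (bucket_count_t)newnb;
}

int main(void)
{
    /* Constructed inputs mirroring the quoted trace: 524288 buckets, 1598 used. */
    printf("no growth needed:      %u\n", checked_resize(1598, 1, 524288));
    printf("one doubling:          %u\n", checked_resize(349525, 1, 524288));
    printf("grows to 2^31:         %u\n", checked_resize(1598, 1000000000u, 524288));
    printf("2e9 added -> rejected: %u\n", checked_resize(1598, 2000000000u, 524288));
    return 0;
}
```

The last call is the interesting one: two billion added strings need more than 2^31 * 2 / 3 buckets, so the loop would double to 2^32, which a 32-bit field silently stores as 0; the explicit `newnb > UINT32_MAX` check turns that into a clean failure instead.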