On 2015-06-24 11:14, Mark Wielaard wrote:
The attached file will cause a huge malloc allocation with elfutils' nm
tool. This will crash if you try to run it with address sanitizer.

The reason is likely that nm will try to allocate space for something
based on the header value - no matter if that value makes any sense. A
sanity check that checks in such cases if the file itself is smaller
than the supposedly allocated memory could avoid that.

I've reported several similar issues before. Mark replied:

"I believe the "Argument 'size' of function malloc has a fishy (possibly
negative) value" in dwarf_begin_elf.c (check_section) is correct, but
harmless. We do check the value doesn't actually overflow, the allocation
will likely fail, but that is also checked."

[skip]
But in this case as far as I know these kinds of malloc argument checks
are indeed just noise. We do check the results of malloc everywhere
(or should at least). I might be wrong of course, or miss something
subtle. So please do let me know if you think it is something to fix
differently from how we handle it currently.

gcc doesn't support objects more than half the address space in size -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67999 . So if you are malloc'ing >2GB on 32-bit platforms you should be concerned.

--
Alexander Cherepanov
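As an added example (not elfutils code and not from anyone in the thread), this is the kind of sanity check the report asks for: a size derived from untrusted header fields is checked for overflow, against the size of the file that claims to contain the data, and against PTRDIFF_MAX before it reaches malloc. The 16-byte header layout (a count and an entry size, little-endian) and the file size are constructed for the demo.

```c
/* Added example, not elfutils code. Sanity-checks a size derived from
 * untrusted header fields before it reaches malloc: reject arithmetic
 * overflow, reject sizes larger than the file that claims to contain the
 * data, and reject anything above PTRDIFF_MAX (gcc does not support
 * objects larger than half the address space). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns the byte count to allocate, or SIZE_MAX if the header is fishy.
 * A sane result is always <= PTRDIFF_MAX, so SIZE_MAX is a safe sentinel. */
size_t header_alloc_size(uint64_t count, uint64_t entsize, uint64_t file_size)
{
    if (count == 0 || entsize == 0)
        return 0;                          /* nothing to allocate */
    if (count > UINT64_MAX / entsize)
        return SIZE_MAX;                   /* count * entsize overflows */
    uint64_t total = count * entsize;
    if (total > file_size)
        return SIZE_MAX;                   /* the file cannot hold that many bytes */
    if (total > (uint64_t)PTRDIFF_MAX)
        return SIZE_MAX;                   /* larger than any supported object */
    return (size_t)total;
}

/* Little-endian 64-bit read from the constructed toy header. */
static uint64_t read_le64(const unsigned char *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

int main(void)
{
    /* Constructed toy header: count = 0x40000000, entsize = 16.
     * The product (16 GiB) is far larger than the 4 KiB "file". */
    const unsigned char hdr[16] = {
        0x00, 0x00, 0x00, 0x40, 0, 0, 0, 0,    /* count   */
        0x10, 0x00, 0x00, 0x00, 0, 0, 0, 0,    /* entsize */
    };
    uint64_t file_size = 4096;             /* constructed; normally from fstat */
    size_t n = header_alloc_size(read_le64(hdr), read_le64(hdr + 8), file_size);
    if (n == SIZE_MAX) {
        fprintf(stderr, "refusing fishy allocation request from header\n");
        return 1;
    }
    void *buf = malloc(n);
    if (buf == NULL) { perror("malloc"); return 1; }
    free(buf);
    return 0;
}
```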
