[Bug ld/16720] New: wrong overflow check in R_MIPS_HI16
From: ma.jiang at zte dot com.cn
Subject: [Bug ld/16720] New: wrong overflow check in R_MIPS_HI16
Date: Tue, 18 Mar 2014 07:37:51 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=16720
Bug ID: 16720
Summary: wrong overflow check in R_MIPS_HI16
Product: binutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: ma.jiang at zte dot com.cn
Created attachment 7478
--> https://sourceware.org/bugzilla/attachment.cgi?id=7478&action=edit
source file
There is an overflow check in the MIPS ld.
=================================================================
  if (r_type == R_MIPS16_HI16)
    value = mips_elf_high (addend + gp - p - 4);
  else
    value = mips_elf_high (addend + gp - p);
  overflowed_p = mips_elf_overflow_p (value, 16);
=================================================================
This check might have some problems when "addend + gp - p" is a negative
number. In my case, I got "addend + gp - p = -132666256". This number should
be OK for a "R_MIPS16_HI16+R_MIPS16_LO16", as it obviously could be put into
a 32-bit signed int.
But ld throws an overflow error. First, it gets value=63512 from
mips_elf_high, then it checks whether this value could be put into a
16-bit signed int in mips_elf_overflow_p. And of course, 63512 cannot be put
into a 16-bit signed int. So a wrong overflow error is finally generated.
In my opinion, we only need to check whether "addend + gp - p" could be put
into a 32-bit signed int in R_MIPS16_HI16, because a 32-bit signed int can be
expressed correctly by R_MIPS16_HI16+R_MIPS16_LO16. The code could be like:
  bfd_vma offset;
  if (r_type == R_MIPS16_HI16)
    {
      value = mips_elf_high (addend + gp - p - 4);
      offset = addend + gp - p - 4;
    }
  else
    {
      value = mips_elf_high (addend + gp - p);
      offset = addend + gp - p;
    }
  overflowed_p = mips_elf_overflow_p (offset, 32);
****************************************************************************
This bug can be reproduced with the attached files, using commands like:
gcc ldtest.c -o ldtest -Wl,-T bug.lds -static -fPIC
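
The arithmetic in the report, worked as a self-contained C program (an added example, not binutils code and not part of the original report). `high16` and `overflow_p` are local stand-ins written from the behaviour the report describes for `mips_elf_high` and `mips_elf_overflow_p`; `vma_t`, `check_reported`, `check_proposed` and `recombine` are hypothetical names, and a 32-bit address type is assumed.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t vma_t;              /* assumption: 32-bit target address */

/* Stand-in for mips_elf_high: upper 16 bits, rounded so that
   (high << 16) + sign-extended low half gives back the value. */
static vma_t high16(vma_t value)
{
    return ((value + 0x8000u) >> 16) & 0xffffu;
}

/* Stand-in for mips_elf_overflow_p: nonzero when value does not fit
   in a signed integer of the given width. */
static int overflow_p(int64_t value, int bits)
{
    int64_t max = ((int64_t)1 << (bits - 1)) - 1;
    int64_t min = -((int64_t)1 << (bits - 1));
    return value > max || value < min;
}

/* Check as quoted in the report: range-test the masked high half. */
static int check_reported(int64_t offset)
{
    return overflow_p((int64_t)high16((vma_t)offset), 16);
}

/* Check as proposed in the report: range-test the full offset. */
static int check_proposed(int64_t offset)
{
    return overflow_p(offset, 32);
}

/* Rebuild the offset the way a HI16/LO16 pair combines at run time. */
static vma_t recombine(int64_t offset)
{
    int32_t lo = (int32_t)(((offset & 0xffff) ^ 0x8000) - 0x8000);
    return (high16((vma_t)offset) << 16) + (vma_t)lo;
}

int main(void)
{
    int64_t off = -132666256;        /* the value from the report */
    printf("high16=%u reported=%d proposed=%d roundtrip=%s\n",
           (unsigned)high16((vma_t)off), check_reported(off),
           check_proposed(off),
           recombine(off) == (vma_t)off ? "ok" : "mismatch");
    return 0;
}
```

Because the high half is masked to 0..65535 before the 16-bit signed test, any offset whose high half has bit 15 set, which includes every negative offset, is reported as overflowing even though the HI16/LO16 pair reproduces it exactly.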