
[Bug ld/16720] New: wrong overflow check in R_MIPS_HI16


From: ma.jiang at zte dot com.cn
Subject: [Bug ld/16720] New: wrong overflow check in R_MIPS_HI16
Date: Tue, 18 Mar 2014 07:37:51 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=16720

            Bug ID: 16720
           Summary: wrong overflow check in R_MIPS_HI16
           Product: binutils
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: ma.jiang at zte dot com.cn

Created attachment 7478
  --> https://sourceware.org/bugzilla/attachment.cgi?id=7478&action=edit
source file



There is an overflow check in mips ld.

======================================================================
      if (r_type == R_MIPS16_HI16)
        value = mips_elf_high (addend + gp - p - 4);
      else
        value = mips_elf_high (addend + gp - p);
      overflowed_p = mips_elf_overflow_p (value, 16);
======================================================================

This check might have some problems when "addend + gp - p" is a negative
number. In my cases, I got "addend + gp - p = -132666256". This number should
be ok for a "R_MIPS16_HI16+R_MIPS16_LO16" pair as it obviously could be put
into a 32-bit signed int.

But ld throws an overflow error. First, it gets value=63512 from
mips_elf_high, then it checks whether this value could be put into a
16-bit signed int in mips_elf_overflow_p. And of course, 63512 cannot be put
into a 16-bit signed int. So, a wrong overflow error is generated in the end.

In my opinion, we only need to check whether "addend + gp - p" could be put
into a 32-bit signed int in R_MIPS16_HI16, because a 32-bit signed int can be
expressed correctly by R_MIPS16_HI16+R_MIPS16_LO16. The code could be like:

      bfd_vma offset;

      if (r_type == R_MIPS16_HI16)
        {
          value = mips_elf_high (addend + gp - p - 4);
          offset = addend + gp - p - 4;
        }
      else
        {
          value = mips_elf_high (addend + gp - p);
          offset = addend + gp - p;
        }
      overflowed_p = mips_elf_overflow_p (offset, 32);

****************************************************************************

This bug can be reproduced with the attached files, using commands like:

gcc ldtest.c -o ldtest -Wl,-T bug.lds -static -fPIC



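Added example, not code from the bug report or from binutils: a stand-alone C model of the two helpers the report names, mips_elf_high and mips_elf_overflow_p, reimplemented here from the behaviour the report describes (the 64-bit bfd_vma / bfd_signed_vma typedefs are an assumption about the host). It traces the report's offset -132666256 through the existing 16-bit check and the proposed 32-bit check, and shows that the HI16/LO16 pair really does reassemble that offset, so rejecting it is a false positive. It also goes one step past the report: an offset that genuinely does not fit in 32 bits (1 << 32) slips through the old check, because masking the high half to 16 bits discards the overflowing bits, while the proposed full-width check catches it.

```c
/* Model of the R_MIPS16_HI16 overflow check discussed in bug 16720.
   Assumed: 64-bit host BFD types; helpers reimplemented from the
   report's description, not copied from binutils.  */
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

typedef uint64_t bfd_vma;          /* assumption: 64-bit host */
typedef int64_t  bfd_signed_vma;

/* Upper 16 bits of a 32-bit value, rounded so that
   (hi << 16) + sign_extend16 (lo) == value.  */
static bfd_vma
mips_elf_high (bfd_vma value)
{
  return ((value + (bfd_vma) 0x8000) >> 16) & 0xffff;
}

/* Non-zero if VALUE does not fit in a BITS-wide signed field.
   A 64-bit 1 is shifted so that bits == 32 is well defined.  */
static int
mips_elf_overflow_p (bfd_vma value, int bits)
{
  bfd_signed_vma svalue = (bfd_signed_vma) value;
  bfd_signed_vma max = ((bfd_signed_vma) 1 << (bits - 1)) - 1;
  bfd_signed_vma min = -((bfd_signed_vma) 1 << (bits - 1));
  return svalue > max || svalue < min;
}

/* What the HI16/LO16 pair produces at run time: hi goes into the upper
   half (lui), lo is sign-extended and added (addiu), modulo 2^32.  */
static int64_t
hi16_lo16_reconstruct (bfd_vma offset)
{
  uint32_t hi = (uint32_t) mips_elf_high (offset);
  int32_t lo = (int32_t) (offset & 0xffff);
  if (lo >= 0x8000)
    lo -= 0x10000;                            /* sign-extend the low half */
  uint32_t raw = (hi << 16) + (uint32_t) lo;  /* 32-bit modular add */
  /* Reinterpret the 32-bit result as signed without relying on
     implementation-defined conversions.  */
  return (raw & 0x80000000u) ? (int64_t) raw - ((int64_t) 1 << 32)
                             : (int64_t) raw;
}

/* Both verdicts for one offset: the check as the report quotes it
   (16-bit test on the high half) and the check the report proposes
   (32-bit test on the whole offset).  */
struct verdict
{
  bfd_vma high;       /* result of mips_elf_high */
  int old_overflow;   /* mips_elf_overflow_p (high, 16) */
  int new_overflow;   /* mips_elf_overflow_p (offset, 32) */
};

static struct verdict
check_hi16 (bfd_signed_vma offset)
{
  struct verdict v;
  v.high = mips_elf_high ((bfd_vma) offset);
  v.old_overflow = mips_elf_overflow_p (v.high, 16);
  v.new_overflow = mips_elf_overflow_p ((bfd_vma) offset, 32);
  return v;
}

int
main (void)
{
  /* The offset quoted in the report, plus one that truly overflows.  */
  bfd_signed_vma cases[] = { -132666256, (bfd_signed_vma) 1 << 32 };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    {
      struct verdict v = check_hi16 (cases[i]);
      printf ("offset=%" PRId64 " high=%" PRIu64
              " old_check_overflow=%d new_check_overflow=%d"
              " hi16+lo16=%" PRId64 "\n",
              cases[i], v.high, v.old_overflow, v.new_overflow,
              hi16_lo16_reconstruct ((bfd_vma) cases[i]));
    }
  return 0;
}
```

For the report's offset the high half comes out as 63512 (0xf818), which the 16-bit signed test rejects even though lui/addiu rebuild -132666256 exactly; the 32-bit test on the full offset accepts it. The second case is the one a reviewer would want covered by whichever check is adopted: it must still flag an offset that cannot be expressed by the pair at all.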

