src/contrib/elftoolchain/elfcopy/sections.c underallocates for Elf64_Rela and Elf32_Rela?
Mark Millard
marklmi at yahoo.com
Sun Jul 8 15:47:43 UTC 2018
src/contrib/elftoolchain/elfcopy/sections.c has and uses the macro:

#define COPYREL(REL, SZ) do {                                  \
	if (nrels == 0) {                                       \
		if ((REL##SZ = malloc(cap *                     \
		    sizeof(Elf##SZ##_Rel))) == NULL)            \
			err(EXIT_FAILURE, "malloc failed");     \
	}                                                       \
	if (nrels >= cap) {                                     \
		cap *= 2;                                       \
		if ((REL##SZ = realloc(REL##SZ, cap *           \
		    sizeof(Elf##SZ##_Rel))) == NULL)            \
			err(EXIT_FAILURE, "realloc failed");    \
	}                                                       \
	REL##SZ[nrels].r_offset = REL.r_offset;                 \
	REL##SZ[nrels].r_info = REL.r_info;                     \
	if (s->type == SHT_RELA)                                \
		rela##SZ[nrels].r_addend = rela.r_addend;       \
	nrels++;                                                \
} while (0)
The context has:

	Elf32_Rel *rel32;
	Elf64_Rel *rel64;
	Elf32_Rela *rela32;
	Elf64_Rela *rela64;
So for, say, COPYREL(rela,64), the macro uses sizeof(Elf64_Rel) instead
of sizeof(Elf64_Rela) in malloc and realloc, but Elf64_Rela is the
larger structure of the two Elf64_ types (by also having .r_addend).
The scan build on ci.freebsd.org complains about this:
Result of 'realloc' is converted to a pointer of type 'Elf64_Rela', which is incompatible with sizeof operand type 'Elf64_Rel'
So far it does not look like a false-positive to me.
===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went
away in early 2018-Mar)
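Added illustration (not code from the post or from elftoolchain): first_overflowing_index computes, for a buffer sized with the wrong sizeof as above, the index of the first Elf64_Rela write that runs past the heap block; GROW is a corrected growth step that takes the element size from the pointer being filled, exercised by append_rela64. The struct stand-ins, GROW and append_rela64 are constructed for this example and assume an LP64 layout.

```c
/* Added example, not elftoolchain code: the allocation shortfall of the
 * buggy COPYREL, and a growth step that sizes from the pointed-to type. */
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins with the ELF64 layouts (16 and 24 bytes on LP64). */
typedef struct { uint64_t r_offset; uint64_t r_info; } Rel64;
typedef struct { uint64_t r_offset; uint64_t r_info; int64_t r_addend; } Rela64;

/* With the post's macro, a buffer meant for `cap` Elf64_Rela entries is
 * allocated as cap * sizeof(Elf64_Rel). Returns the index of the first
 * Rela entry whose write would cross the end of that allocation. */
size_t first_overflowing_index(size_t cap)
{
	size_t bytes = cap * sizeof(Rel64);
	return bytes / sizeof(Rela64); /* entries that fully fit */
}

/* Corrected growth step: sizeof(*buf) follows the pointed-to type, so the
 * same code is right for Rel and Rela buffers. The enclosing function
 * returns -1 on allocation failure (the original calls err() instead). */
#define GROW(buf, nrels, cap) do {                                      \
	if ((nrels) == 0 && (buf) == NULL) {                            \
		if (((buf) = malloc((cap) * sizeof(*(buf)))) == NULL)   \
			return -1;                                      \
	}                                                               \
	if ((nrels) >= (cap)) {                                         \
		void *tmp = realloc((buf), (cap) * 2 * sizeof(*(buf))); \
		if (tmp == NULL)                                        \
			return -1;                                      \
		(cap) *= 2;                                             \
		(buf) = tmp;                                            \
	}                                                               \
} while (0)

/* Appends n constructed Rela64 entries, growing the buffer as needed.
 * Returns the final capacity in entries, or -1 on allocation failure. */
long append_rela64(size_t n, size_t initial_cap)
{
	Rela64 *rela64 = NULL;
	size_t nrels = 0, cap = initial_cap ? initial_cap : 1;
	for (size_t i = 0; i < n; i++) {
		GROW(rela64, nrels, cap);
		rela64[nrels].r_offset = i * 8;
		rela64[nrels].r_info = i;
		rela64[nrels].r_addend = -(int64_t)i;
		nrels++;
	}
	free(rela64);
	return (long)cap;
}
```

With cap == 64, for instance, the undersized block holds only 42 complete Elf64_Rela entries, so the 43rd copied RELA relocation already writes past the end of the allocation.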