libdwarf: tag_tree_build and tag_attr_build: signed shift

Description:
libdwarf is a library to consume and produce DWARF debug information.

The following issue surfaced while building libdwarf with the undefined behavior sanitizer (UBSan) enabled.

The complete UBsan output:

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:../libdwarf ./tag_tree_build -s  -i tmp-tag-tree-build1.tmp  -o tmp-tt-table.c
tag_tree.c:350:60: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

LD_LIBRARY_PATH=$LD_LIBRARY_PATH:../libdwarf ./tag_attr_build -s -i tmp-tag-attr-build2.tmp -o tmp-ta-table.c
tag_attr.c:386:60: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
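
The class of defect UBSan reports above, as an added example (not libdwarf's code; the table layout, names and sizes are hypothetical): a bit table stored in 32-bit words, where setting bit 31 with the `int` constant `1` is undefined and the same store with an unsigned 32-bit constant is well defined.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and sizes, constructed for illustration. */
#define BITS_PER_WORD 32u
#define MAX_ID        0x60u  /* constructed upper bound for row/column ids */
#define WORDS_PER_ROW ((MAX_ID + BITS_PER_WORD - 1u) / BITS_PER_WORD)

static uint32_t table[MAX_ID][WORDS_PER_ROW];

/* Record "child may appear under parent". Returns 0, or -1 if out of range. */
int table_set(unsigned parent, unsigned child)
{
    if (parent >= MAX_ID || child >= MAX_ID)
        return -1;
    unsigned idx = child / BITS_PER_WORD;
    unsigned bit = child % BITS_PER_WORD;
    /* Undefined form: table[parent][idx] |= (1 << bit);
       The literal 1 is an int, so bit == 31 shifts into the sign bit. */
    table[parent][idx] |= (UINT32_C(1) << bit);  /* unsigned: defined for 0..31 */
    return 0;
}

/* Returns 1 if the (parent, child) bit is set, 0 otherwise. */
int table_test(unsigned parent, unsigned child)
{
    if (parent >= MAX_ID || child >= MAX_ID)
        return 0;
    return (table[parent][child / BITS_PER_WORD] >> (child % BITS_PER_WORD)) & 1u;
}

/* Raw word accessor so the stored bit pattern can be inspected. */
uint32_t table_word(unsigned parent, unsigned idx)
{
    return (parent < MAX_ID && idx < WORDS_PER_ROW) ? table[parent][idx] : 0;
}

int main(void)
{
    table_set(0x11, 31);  /* the bit position named in the UBSan report */
    table_set(0x11, 32);  /* first bit of the next word */
    printf("word0=0x%08x word1=0x%08x\n",
           (unsigned)table_word(0x11, 0), (unsigned)table_word(0x11, 1));
    return 0;
}
```

Compiling with `-fsanitize=undefined` and swapping in the commented-out form produces the same kind of runtime error as the output above.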

Affected version:
20160929 and earlier

Fixed version:
20161001

Commit fix:
https://sourceforge.net/p/libdwarf/code/ci/cdd1b6d98c2c13c92bbe3556130ab00daf663a6c/

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

Timeline:
2016-09-30: bug discovered
2016-09-30: bug reported privately to upstream
2016-09-30: upstream released a patch
2016-10-01: upstream released version 20161001
2016-10-02: blog post about the issue

Note:
This bug was found with the undefined behavior sanitizer.
