readelf: handle_core_item large right shift triggers undefined behaviour.
The problem is this:
int n = ffs (w);
w >>= n;
The intent is to shift away up to (and including) the first least
significant bit in w. But w is an unsigned int, so 32 bits. And the
least significant bit could be bit 32 (ffs counts from 1). Unfortunately
a right shift equal to (or larger than) the length in bits of the left
hand operand is undefined behaviour. We expect w to be zero afterwards.
Which would terminate the while loop in the function. But since it is
undefined behaviour anything can happen. In this case, what will actually
happen is that w is unchanged, causing an infinite loop...
gcc -fsanitize=undefined will catch and warn about this when w = 0x80000000
https://bugzilla.redhat.com/show_bug.cgi?id=
1259259
Signed-off-by: Mark Wielaard <mjw@redhat.com>
projects / thirdparty / elfutils.git / commit
