From patchwork Thu Aug 3 11:42:25 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 130501
Date: Thu, 3 Aug 2023 21:12:25 +0930
To: binutils@sourceware.org
Subject: objdump, nm: sprintf sanitizer null destination pointer
From: Alan Modra

Seen on Ubuntu 23.04 x86_64-linux using gcc-12.2 and gcc-12.3 with
CFLAGS="-m32 -g -O2 -fsanitize=address,undefined".

  CC       objdump.o
In file included from /usr/include/stdio.h:906,
                 from /home/alan/src/binutils-gdb/binutils/sysdep.h:24,
                 from /home/alan/src/binutils-gdb/binutils/objdump.c:51:
In function ‘sprintf’,
    inlined from ‘display_utf8’ at /home/alan/src/binutils-gdb/binutils/objdump.c:621:14,
    inlined from ‘sanitize_string.part.0’ at /home/alan/src/binutils-gdb/binutils/objdump.c:742:11:
/usr/include/bits/stdio2.h:30:10: error: null destination pointer [-Werror=format-overflow=]
   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   31 |                                   __glibc_objsize (__s), __fmt,
      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   32 |                                   __va_arg_pack ());
      |                                   ~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

The warning is bogus of course.  xmalloc is guaranteed to return
non-NULL, but apparently this isn't seen in display_utf8.  The same
doesn't happen with -m64, maybe due to inlining differences; I haven't
investigated fully.  Easily avoided as we hardly need to use sprintf
for a single char, or a two char string.

	* objdump.c (display_utf8): Avoid bogus sprintf sanitizer warning.
	Use hex ESC to switch back to default colour.
	(sanitize_string): Comment.  Bump buffer size by one.  Fix
	overlong line.
	* nm.c (display_utf8, sanitize_string): As above.

diff --git a/binutils/nm.c b/binutils/nm.c index f96cfa31cb9..e4c8036df1b 100644 --- a/binutils/nm.c +++ b/binutils/nm.c 
@@ -541,13 +541,14 @@ display_utf8 (const unsigned char * in, char * out, unsigned int * consumed) case unicode_invalid: case unicode_hex: - out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{'); - out += sprintf (out, "0x"); + *out++ = unicode_display == unicode_hex ? '<' : '{'; + *out++ = '0'; + *out++ = 'x'; for (j = 0; j < nchars; j++) out += sprintf (out, "%02x", in [j]); - out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}'); + *out++ = unicode_display == unicode_hex ? '>' : '}'; break; - + case unicode_highlight: if (isatty (1)) out += sprintf (out, "\x1B[31;47m"); /* Red. */ @@ -557,7 +558,7 @@ display_utf8 (const unsigned char * in, char * out, unsigned int * consumed) { case 2: out += sprintf (out, "\\u%02x%02x", - ((in[0] & 0x1c) >> 2), + ((in[0] & 0x1c) >> 2), ((in[0] & 0x03) << 6) | (in[1] & 0x3f)); break; @@ -579,7 +580,7 @@ display_utf8 (const unsigned char * in, char * out, unsigned int * consumed) } if (unicode_display == unicode_highlight && isatty (1)) - out += sprintf (out, "\033[0m"); /* Default colour. */ + out += sprintf (out, "\x1B[0m"); /* Default colour. */ break; default: @@ -633,11 +634,15 @@ convert_utf8 (const char * in) /* Copy the input, translating as needed. */ in = original; - if (buffer_len < (strlen (in) * 9)) + /* For 2 char unicode, max out is 12 (colour escapes) + 6, ie. 9 per in + For hex, max out is 8 for 2 char unicode, ie. 4 per in. + 3 and 4 char unicode produce less output for input. */ + size_t max_needed = strlen (in) * 9 + 1; + if (buffer_len < max_needed) { - free ((void *) buffer); - buffer_len = strlen (in) * 9; - buffer = xmalloc (buffer_len + 1); + buffer_len = max_needed; + free (buffer); + buffer = xmalloc (buffer_len); } out = buffer; 
@@ -657,8 +662,8 @@ convert_utf8 (const char * in) { unsigned int num_consumed; - out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed); - in += num_consumed - 1; + out += display_utf8 ((const unsigned char *) --in, out, &num_consumed); + in += num_consumed; } else *out++ = c; diff --git a/binutils/objdump.c b/binutils/objdump.c index a35982ea969..fb0db5d4fe8 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -617,11 +617,12 @@ display_utf8 (const unsigned char * in, char * out, unsigned int * consumed) case unicode_invalid: case unicode_hex: - out += sprintf (out, "%c", unicode_display == unicode_hex ? '<' : '{'); - out += sprintf (out, "0x"); + *out++ = unicode_display == unicode_hex ? '<' : '{'; + *out++ = '0'; + *out++ = 'x'; for (j = 0; j < nchars; j++) out += sprintf (out, "%02x", in [j]); - out += sprintf (out, "%c", unicode_display == unicode_hex ? '>' : '}'); + *out++ = unicode_display == unicode_hex ? '>' : '}'; break; case unicode_highlight: @@ -655,7 +656,7 @@ display_utf8 (const unsigned char * in, char * out, unsigned int * consumed) } if (unicode_display == unicode_highlight && isatty (1)) - out += sprintf (out, "\033[0m"); /* Default colour. */ + out += sprintf (out, "\x1B[0m"); /* Default colour. */ break; default: @@ -711,11 +712,15 @@ sanitize_string (const char * in) /* Copy the input, translating as needed. */ in = original; - if (buffer_len < (strlen (in) * 9)) + /* For 2 char unicode, max out is 12 (colour escapes) + 6, ie. 9 per in + For hex, max out is 8 for 2 char unicode, ie. 4 per in. + 3 and 4 char unicode produce less output for input. */ + size_t max_needed = strlen (in) * 9 + 1; + if (buffer_len < max_needed) { - free ((void *) buffer); - buffer_len = strlen (in) * 9; - buffer = xmalloc (buffer_len + 1); + buffer_len = max_needed; + free (buffer); + buffer = xmalloc (buffer_len); } out = buffer; 
@@ -735,8 +740,8 @@ sanitize_string (const char * in) { unsigned int num_consumed; - out += display_utf8 ((const unsigned char *)(in - 1), out, & num_consumed); - in += num_consumed - 1; + out += display_utf8 ((const unsigned char *) --in, out, &num_consumed); + in += num_consumed; } else *out++ = c;
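
Review bot: in the unicode_invalid/unicode_hex case of display_utf8 (nm.c @@ -541, and the identical objdump.c @@ -617 hunk), the closing bracket is now stored with `*out++ = unicode_display == unicode_hex ? '>' : '}';`, which, unlike the sprintf call it replaces, writes no terminating NUL after it. The visible callers append with `*out++ = c`, so they presumably terminate the buffer themselves, but that should be confirmed and stated in the comment on display_utf8, since this path previously always left `out` pointing at a NUL. The hex loop still uses `sprintf (out, "%02x", in [j])`, so the case now mixes direct stores and sprintf; a one-line comment saying why would stop the stores being converted back later.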
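
Review bot: the ChangeLog entry `* nm.c (display_utf8, sanitize_string): As above.` does not match the nm.c hunks at @@ -633 and @@ -657, whose hunk headers name the function as convert_utf8. The entry should read `(display_utf8, convert_utf8)`. The whitespace-only changes in nm.c (@@ -541 blank line, @@ -557 continuation line) are also not mentioned and could be noted or split out.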
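
Review bot: the new sizing comment in sanitize_string (objdump.c @@ -711, same text in nm.c @@ -633) derives the 9-bytes-per-input bound by hand, but nothing enforces it: display_utf8 takes `char * out` with no length and its remaining sprintf calls are unbounded, so a later change to an escape sequence or output format would overrun `buffer` silently. Suggest asserting after the copy loop that `out - buffer` is below `buffer_len`, or passing the remaining space into display_utf8. The comment also omits the hex/invalid path when nchars is 1, if that can occur: it emits 6 bytes for one input byte, which is still within 9 but is more than the "4 per in" stated for hex.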
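
Review bot: in `out += display_utf8 ((const unsigned char *) --in, out, &num_consumed);` (objdump.c @@ -735, nm.c @@ -657), `in` is now stepped back as a side effect inside the argument list, so the following `in += num_consumed;` only makes progress if display_utf8 always stores at least 1 through `consumed`; a zero would leave `in` on the byte that triggered the call and the loop would read it again. The old form depended on the same guarantee, but the dependency is easier to miss now. Either document on display_utf8 that `*consumed` is always at least 1, or do the decrement as its own statement before the call.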