dwarf-reader: gnu_hash_tab lookup: fix overflow in bloom hash calculation

For valid values of h1/h2 and c, the signed integer left shift
expression (1 << (h1 % c)) might overflow, exposing undefined behaviour.
Fix that by using a data type that can hold the value.

That issue had been reported by ASAN when running test-lookup-syms:
	src/abg-dwarf-reader.cc:2028:50: runtime error:
		shift exponent 53 is too large for 32-bit type 'int'

	* src/abg-dwarf-reader.cc(lookup_symbol_from_gnu_hash_tab): Fix
	signed integer overflow.

Signed-off-by: Matthias Maennich <maennich@google.com>

diff --git a/src/abg-dwarf-reader.cc b/src/abg-dwarf-reader.cc
index a60f46255c16015e5090ee6d1f8918cb807d9b5e..3454fcf5cf7c1ce80440b511f713d158ad0b3e4f 100644 (file)
--- a/src/abg-dwarf-reader.cc
+++ b/src/abg-dwarf-reader.cc
@@ -2025,7 +2025,7 @@ lookup_symbol_from_gnu_hash_tab(const environment*                env,
   // filter, in bits.
   int c = get_elf_class_size_in_bytes(elf_handle) * 8;
   int n =  (h1 / c) % ht.bf_nwords;
-  unsigned char bitmask = (1 << (h1 % c)) | (1 << (h2 % c));
+  unsigned char bitmask = (1ul << (h1 % c)) | (1ul << (h2 % c));
 
   // Test if the symbol is *NOT* present in this ELF file.
   if ((bloom_word_at(elf_handle, ht.bloom_filter, n) & bitmask) != bitmask)