In libiberty/sha1.*, I don't see anything saying that sha1_process_block() has a size limit on its input buffer, and if the length of the buffer is big (e.g., 2^32 on a 64-bit machine) then this code won't correctly add a 64-bit number to 64-bit number: /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ ctx->total[0] += len; if (ctx->total[0] < len) ++ctx->total[1]; The above is at sha1.c around line 302. Also, Florian Weimer pointed out that code nearby uses "len & ~63" when it perhaps should use something like "len & (~(size_t)63)". Similar bug(s) are in md5.*. See bug 39064 for details.
"len & ~63" works fine for any integer type.
Author: ktietz Date: Wed Jan 30 16:50:49 2013 New Revision: 195579 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195579 Log: PR other/54620 PR target/39064 * md5.h (md5_uintptr, md5_uint32): Define as uintptr_t/uint32_t if stdint.h and sys/types.h headers are present. * sha1.h (sha1_uintptr, sha1_uint32): Likewise. Modified: trunk/include/ChangeLog trunk/include/md5.h trunk/include/sha1.h
Author: ktietz Date: Wed Jan 30 16:56:36 2013 New Revision: 195580 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195580 Log: 2013-01-30 Kai Tietz <ktietz@redhat.com> PR other/54620 PR target/39064 * md5.h (md5_uintptr, md5_uint32): Define as uintptr_t/uint32_t if stdint.h and sys/types.h headers are present. * sha1.h (sha1_uintptr, sha1_uint32): Likewise. Modified: branches/gcc-4_7-branch/include/ChangeLog branches/gcc-4_7-branch/include/md5.h branches/gcc-4_7-branch/include/sha1.h
Author: ktietz Date: Wed Jan 30 16:58:10 2013 New Revision: 195581 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195581 Log: PR other/54620 PR target/39064 * md5.h (md5_uintptr, md5_uint32): Define as uintptr_t/uint32_t if stdint.h and sys/types.h headers are present. * sha1.h (sha1_uintptr, sha1_uint32): Likewise. Modified: branches/gcc-4_6-branch/include/ChangeLog branches/gcc-4_6-branch/include/md5.h branches/gcc-4_6-branch/include/sha1.h
Author: ktietz Date: Thu Jan 31 08:17:37 2013 New Revision: 195603 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195603 Log: PR other/54620 * sha1.c (sha1_process_block): Handle case that size_t is a wider-integer-scalar as a 32-bit unsigned integer. Modified: trunk/libiberty/ChangeLog
Author: ktietz Date: Thu Jan 31 08:17:58 2013 New Revision: 195604 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195604 Log: PR other/54620 * sha1.c (sha1_process_block): Handle case that size_t is a wider-integer-scalar as a 32-bit unsigned integer. Modified: trunk/libiberty/sha1.c
Author: ktietz Date: Thu Jan 31 08:19:03 2013 New Revision: 195605 URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=195605 Log: Merged from trunk PR other/54620 * sha1.c (sha1_process_block): Handle case that size_t is a wider-integer-scalar as a 32-bit unsigned integer. Modified: branches/gcc-4_7-branch/libiberty/ChangeLog branches/gcc-4_7-branch/libiberty/sha1.c
Fixed.