This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



A memory over bounds access in pe_dll.c


Hello,

I found a memory violation in the function "make_singleton_name_thunk" of 
the pe_dll.c file. A heap buffer of 4 bytes is allocated there, and afterwards 
this pointer is memset with a length of 8 bytes:

--- src/ld/pe-dll.c     2006-08-21 10:12:46.000000000 +0200
+++ src_n/ld/pe-dll.c   2006-09-15 12:07:39.000000000 +0200
@@ -2036,7 +2036,7 @@
   quick_symbol (abfd, U ("_nm_"), import, "", UNDSEC, BSF_GLOBAL, 0);
 
   bfd_set_section_size (abfd, id4, 8);
-  d4 = xmalloc (4);
+  d4 = xmalloc (8);
   id4->contents = d4;
   memset (d4, 0, 8);
   quick_reloc (abfd, 0, BFD_RELOC_RVA, 2);
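
Review bot: the size 8 is still written out three times in this hunk, in "bfd_set_section_size (abfd, id4, 8)", "xmalloc (8)" and "memset (d4, 0, 8)", which leaves room for the same mismatch this patch fixes. Consider holding the size in one local variable or constant and passing it to all three calls, so the declared section size, the allocation and the cleared length cannot drift apart again. The mail also carries no ChangeLog entry for the ld/pe-dll.c change.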


Regards,
 i.A. Kai Tietz

PS: This piece of code brought me to the question of why this thunk gets an 
empty one plus?

