This is the mail archive of the gdb-cvs@sourceware.org mailing list for the GDB project.



[binutils-gdb] Fix gdb_bfd_section_index for special sections


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ce9c0ca18fe50e1e5a87b135032e4aeba415e2ab

commit ce9c0ca18fe50e1e5a87b135032e4aeba415e2ab
Author: Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com>
Date:   Fri Mar 27 12:09:02 2015 +0000

    Fix gdb_bfd_section_index for special sections
    
    Indexes returned for special sections are off by one, i.e. with N+4
    sections the last one has index N+4 returned, which is outside the
    allocated obstack (at the same time index N is not used at all).
    
    In the worst case, if the sections obstack is allocated up to the end of
    a chunk, writing the last section's data will cause a buffer overrun and
    some data corruption.
    
    Here's output from Valgrind:
    
    ==14630== Invalid write of size 8
    ==14630==    at 0x551B1A: add_to_objfile_sections_full (objfiles.c:225)
    ==14630==    by 0x552768: allocate_objfile (objfiles.c:324)
    ==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
    ==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
    ==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
    ==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
    ==14630==    by 0x514246: catch_command_errors_const (main.c:398)
    ==14630==    by 0x5150AA: captured_main (main.c:1061)
    ==14630==    by 0x51123C: catch_errors (exceptions.c:240)
    ==14630==    by 0x51569A: gdb_main (main.c:1164)
    ==14630==    by 0x408824: main (gdb.c:32)
    ==14630==  Address 0x635f3b8 is 8 bytes after a block of size 4,064 alloc'd
    ==14630==    at 0x4C2ABA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==14630==    by 0x60F797: xmalloc (common-utils.c:41)
    ==14630==    by 0x5E787FB: _obstack_begin (obstack.c:184)
    ==14630==    by 0x552679: allocate_objfile (objfiles.c:294)
    ==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
    ==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
    ==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
    ==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
    ==14630==    by 0x514246: catch_command_errors_const (main.c:398)
    ==14630==    by 0x5150AA: captured_main (main.c:1061)
    ==14630==    by 0x51123C: catch_errors (exceptions.c:240)
    ==14630==    by 0x51569A: gdb_main (main.c:1164)
    ==14630==    by 0x408824: main (gdb.c:32)
    
    gdb/ChangeLog:
    	* gdb_bfd.c (gdb_bfd_section_index): Fix off-by-one for special
    	sections.

Diff:
---
 gdb/ChangeLog | 5 +++++
 gdb/gdb_bfd.c | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 150b29a..3ef965c 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2015-03-27  Andrzej Kaczmarek  <andrzej.kaczmarek@tieto.com>
+
+	* gdb_bfd.c (gdb_bfd_section_index): Fix off-by-one for special
+	sections.
+
 2015-03-26  Joel Brobecker  <brobecker@adacore.com>
 
 	* dtrace-probe.c (dtrace_process_dof_probe): Contain any
diff --git a/gdb/gdb_bfd.c b/gdb/gdb_bfd.c
index 7543dae..3f89d3a 100644
--- a/gdb/gdb_bfd.c
+++ b/gdb/gdb_bfd.c
@@ -616,13 +616,13 @@ gdb_bfd_section_index (bfd *abfd, asection *section)
   if (section == NULL)
     return -1;
   else if (section == bfd_com_section_ptr)
-    return bfd_count_sections (abfd) + 1;
+    return bfd_count_sections (abfd);
   else if (section == bfd_und_section_ptr)
-    return bfd_count_sections (abfd) + 2;
+    return bfd_count_sections (abfd) + 1;
   else if (section == bfd_abs_section_ptr)
-    return bfd_count_sections (abfd) + 3;
+    return bfd_count_sections (abfd) + 2;
   else if (section == bfd_ind_section_ptr)
-    return bfd_count_sections (abfd) + 4;
+    return bfd_count_sections (abfd) + 3;
   return section->index;
 }
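
Review bot: the offsets 0 through 3 added to bfd_count_sections (abfd) for the com, und, abs and ind sections are bare literals, and nothing in this function ties them to the size of the table they index. The commit message says that table holds N+4 entries, so a short comment above the if/else chain stating that special sections occupy indices count through count+3, and that the allocation must reserve count+4 slots, would keep the two from drifting apart again. Deriving both from one shared constant would be stronger still, and an assertion at the write site shown in the Valgrind trace (add_to_objfile_sections_full) that the index is below the allocated count would make a future mismatch fail loudly instead of corrupting the obstack.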


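The off-by-one described in the commit message, as an added C model that is not part of the commit or of GDB's code: it fills a table of N+4 slots using the special-section index mapping from before and after the fix, through a bounds-checked store that rejects an out-of-range index instead of writing past the allocation. The names `slot_table`, `checked_store`, `audit_mapping`, `index_before` and `index_after` are hypothetical, and N = 10 is a constructed sample value.

```c
#include <stdio.h>
#include <stdlib.h>

#define N_SPECIAL 4   /* the four special sections named in the patch */

/* Hypothetical table: one slot per ordinary section plus N_SPECIAL.  */
struct slot_table { int *used; size_t capacity; };

/* Index of the k-th special section (k = 0..3) before and after the fix.  */
static size_t index_before(size_t n, size_t k) { return n + 1 + k; }
static size_t index_after(size_t n, size_t k)  { return n + k; }

/* Bounds-checked store: refuses an index outside the table instead of
   writing past the allocation.  Returns 0 on success, -1 on rejection.  */
static int checked_store(struct slot_table *t, size_t idx)
{
  if (idx >= t->capacity)
    return -1;
  t->used[idx] = 1;
  return 0;
}

/* Fill a table for n ordinary sections using the given special-section
   mapping.  Reports how many stores were rejected and how many slots were
   never written.  Returns -1 on allocation failure, 0 otherwise.  */
static int audit_mapping(size_t n, size_t (*special_index)(size_t, size_t),
                         size_t *rejected, size_t *unused)
{
  struct slot_table t = { calloc(n + N_SPECIAL, sizeof (int)), n + N_SPECIAL };
  if (t.used == NULL)
    return -1;
  *rejected = *unused = 0;
  for (size_t i = 0; i < n; i++)             /* ordinary sections */
    *rejected += checked_store(&t, i) != 0;
  for (size_t k = 0; k < N_SPECIAL; k++)     /* special sections */
    *rejected += checked_store(&t, special_index(n, k)) != 0;
  for (size_t i = 0; i < t.capacity; i++)
    *unused += !t.used[i];
  free(t.used);
  return 0;
}

int main(void)
{
  size_t rej, unused;
  if (audit_mapping(10, index_before, &rej, &unused) == 0)
    printf("before: rejected=%zu unused=%zu\n", rej, unused);
  if (audit_mapping(10, index_after, &rej, &unused) == 0)
    printf("after:  rejected=%zu unused=%zu\n", rej, unused);
  return 0;
}
```

With the old mapping one store is rejected (index N+4) and slot N is never written, which matches the two symptoms the commit message names; with the new mapping every slot is written exactly once.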