This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

off by one in bfd/syms.c or bfd/elfcode.h?

From: Gregory Steuck <greg at nest dot cx>
To: binutils at sources dot redhat dot com
Date: Mon, 25 Mar 2002 20:13:16 -0800
Subject: off by one in bfd/syms.c or bfd/elfcode.h?

Could somebody tell me which one of these 2 is to blame:

syms.c:
long
_bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
{
...
  syms = (asymbol **) bfd_malloc ((size_t) storage);      // Greg: storage = 0
  if (syms == NULL)
    goto error_return;

  if (dynamic)
    symcount = bfd_canonicalize_dynamic_symtab (abfd, syms);
...
}

elfcode.h:
long
elf_slurp_symbol_table (abfd, symptrs, dynamic) {
...
  /* Fill in the user's symbol pointer vector if needed.  */
  if (symptrs)
    {
      long l = symcount;

      sym = symbase;
      while (l-- > 0)
	{
	  *symptrs++ = &sym->symbol;
	  sym++;
	}
      *symptrs = 0;		/* Final null pointer */  // Greg: it
                                                          // wan't allocated!
    }
...
}

So elfcode writes into a chunk of memory even though it was allocated
with size=0?

This causes a segv on openbsd-sparc64. Changing
_bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
fixes the problem, but I am not sure if the fix is the correct one.

Comments?

Follow-Ups:
- Re: off by one in bfd/syms.c or bfd/elfcode.h?
  - From: Ian Lance Taylor
- Re: off by one in bfd/syms.c or bfd/elfcode.h?
  - From: Alan Modra

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]