This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: off by one in bfd/syms.c or bfd/elfcode.h?
>>>>> "Ian" == Ian Lance Taylor <ian@airs.com> writes:
Ian> I would say that the bug is not in either of the functions you
Ian> mention, but rather in _bfd_elf_get_symtab_upper_bound. It
Ian> does not correctly handle the case of symtab_hdr->sh_size == 0,
Ian> as it does not leave room for the trailing null entry.
Would this be a correct patch then? (against release 2.10, I think)
Index: bfd/elf.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/binutils/bfd/elf.c,v
retrieving revision 1.10
diff -u -r1.10 elf.c
--- bfd/elf.c 2001/06/09 22:29:25 1.10
+++ bfd/elf.c 2002/03/26 15:56:17
@@ -4302,7 +4302,8 @@
Note that we base it on the count plus 1, since we will null terminate
the vector allocated based on this size. However, the ELF symbol table
- always has a dummy entry as symbol #0, so it ends up even. */
+ always has a dummy entry as symbol #0, so it ends up even. The only
+ exception to this rule being empty symbol table. */
long
_bfd_elf_get_symtab_upper_bound (abfd)
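Review bot: The new comment sentence "The only exception to this rule being empty symbol table." is a fragment and does not say what the exception means for the computed size; suggest "The only exception is an empty symbol table, which still needs room for the terminating null entry." so that the reader of the comment understands why the size computed below never drops to zero.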
@@ -4313,7 +4314,10 @@
Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr;
symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
- symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *));
+ if (symcount > 0)
+ symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *));
+ else
+ symtab_size = sizeof (asymbol *);
return symtab_size;
}
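Review bot: The "if (symcount > 0)" branch keeps the "(symcount - 1 + 1)" expression, which is simply symcount, so the two branches can be folded into one line that also states the intent: symtab_size = (symcount > 0 ? symcount : 1) * sizeof (asymbol *); The change itself is right: with hdr->sh_size == 0 the old code returned 0, leaving no room for the trailing null entry Ian points out, and the new else branch reserves exactly that one slot.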
@@ -4333,7 +4337,10 @@
}
symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
- symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *));
+ if (symcount > 0)
+ symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *));
+ else
+ symtab_size = sizeof (asymbol *);
return symtab_size;
}
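Review bot: This hunk repeats the previous hunk's four lines verbatim in a second function whose name is not visible in the hunk header; a small static helper (or the one-line conditional expression suggested above) would keep both call sites in step, and the cover message should name this second function and say that it has the same sh_size == 0 problem, since Ian's remark only mentioned _bfd_elf_get_symtab_upper_bound.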