This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



[PATCH] Fix for reads of unallocated memory in ld


I don't have commit privileges, could someone please review, and if found satisfactory, apply this patch?

--Douglas Rupp
AdaCore

Patch attached for errors found with valgrind while working on arm-wrs-vxworks-ld, e.g.:

==13043== Invalid read of size 1
==13043==    at 0x4935A2: iterative_hash (hashtab.c:974)
...
==13043==  Address 0x66e0e1b is not stack'd, malloc'd or (recently) free'd

It's not specific to arm-wrs-vxworks. The problem is there's a path through elf-eh-frame.c/skip_non_nops() that doesn't set the return value properly, and leaves it off by 1. Later on this value, which should be 0, causes a problem in this bit of code, also in bfd/elf-eh-frame.c:

      insns_end = skip_non_nops (insns, end, length, &set_loc_count);
...
      this_inf->size -= end - insns_end;
      if (insns_end != end && this_inf->cie)
        {
          cie->initial_insn_length -= end - insns_end;
          cie->length -= end - insns_end;
        }

If cie->initial_insn_length is 0, the subtraction underflows to 255, which is a bogus value. When the hashing function gets hold of the value, it starts reading unallocated memory.

Attachment: nops.diff.txt
Description: Text document
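The failure mode the message describes, as an added stand-alone example (not code from the binutils tree or from the attached patch): a one-byte length field is trimmed by an off-by-one amount, wraps from 0 to 255, and a later consumer that trusts the field would walk far past the real allocation. The `struct cie_like` below is a constructed stand-in; it assumes the trimmed field is an unsigned char, which is what the reported wrap to 255 implies, and `overread_bytes()` is a hypothetical stand-in for a hash routine that reads `claimed_len` bytes.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the CIE record.  Assumption: the
   instruction-length field is a single unsigned char, consistent with
   the 0 -> 255 wrap reported on the list. */
struct cie_like {
    unsigned char initial_insn_length;
    unsigned int length;
};

/* Unchecked trim mirroring the quoted bfd path:
   cie->initial_insn_length -= end - insns_end;
   cie->length -= end - insns_end;
   With initial_insn_length == 0 and end - insns_end == 1 this is
   well-defined unsigned arithmetic, but the result is 255. */
static unsigned char trim_unchecked(struct cie_like *cie, size_t end, size_t insns_end)
{
    cie->initial_insn_length -= end - insns_end;
    cie->length -= end - insns_end;
    return cie->initial_insn_length;
}

/* Checked trim: refuse to trim more than the record claims to hold.
   Returns 0 on success, -1 if the subtraction would wrap. */
static int trim_checked(struct cie_like *cie, size_t end, size_t insns_end)
{
    size_t trim;

    if (insns_end > end)
        return -1;
    trim = end - insns_end;
    if (trim > cie->initial_insn_length || trim > cie->length)
        return -1;
    cie->initial_insn_length -= (unsigned char) trim;
    cie->length -= (unsigned int) trim;
    return 0;
}

/* Hypothetical consumer: a hash that reads claimed_len bytes from a
   buffer that really holds alloc_len bytes.  Returns how many bytes it
   would read past the end of the allocation (0 means in bounds). */
static size_t overread_bytes(size_t alloc_len, size_t claimed_len)
{
    return claimed_len > alloc_len ? claimed_len - alloc_len : 0;
}

/* Scenario from the report: empty initial instructions (length 0),
   insns_end one byte short of end because of the off-by-one. */
static unsigned char scenario_unchecked(void)
{
    struct cie_like cie = { 0, 8 };
    return trim_unchecked(&cie, 16, 15);   /* wraps to 255 */
}

static int scenario_checked(void)
{
    struct cie_like cie = { 0, 8 };
    return trim_checked(&cie, 16, 15);     /* rejected: -1 */
}

int main(void)
{
    unsigned char bogus = scenario_unchecked();

    printf("unchecked trim leaves initial_insn_length = %u\n", bogus);
    printf("hash over an 8-byte buffer would read %zu bytes past the end\n",
           overread_bytes(8, bogus));
    printf("checked trim returns %d\n", scenario_checked());
    return 0;
}
```

The underflow itself is not undefined behaviour for unsigned types, which is why nothing fails at the subtraction; the damage only shows up when the wrapped length is used as a read bound, which is exactly where valgrind reported the invalid read.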

