Memory corruption handling x86 relocs
H.J. Lu
hjl@valinux.com
Sun Feb 11 16:03:00 GMT 2001
On Sun, Feb 11, 2001 at 02:30:30PM -0800, Nick Clifton wrote:
> Hi Fred,
>
> : I have a test case that triggers internal memory corruption in BFD
> : when processing x86 relocs during linking. Basically either BFD is
> : incorrectly computing the amount of space needed, or is incorrectly
> : trying to store more relocs than it should, overwriting some other
> : pointers.
>
> Any luck figuring out exactly what is going wrong ?
>
> : + BFD_ASSERT (sreloc->reloc_count < (sreloc->_raw_size / sizeof (Elf32_External_Rel)));
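Review bot: the strict `<` in this assert is only correct if the check runs before the entry at index `reloc_count` is stored, where it confirms that one more `Elf32_External_Rel` still fits in `_raw_size`; if it runs after the count has been incremented, the comparison would need to be `<=`. The quoted line does not show which applies, so a one-line comment stating the placement would settle it. The integer division also assumes `_raw_size` is a whole multiple of `sizeof (Elf32_External_Rel)`, which is worth stating or asserting separately.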
>
> Why is the test for 'less than' rather than 'less than or equal to' ?
>
> reloc_count is the number of relocs in the section, which if they are
> REL type relocs ought to be equal to _raw_size/12, so the above assert
> would fail.

I have checked in a patch to address it. I am still waiting for the
real confirmation from Fred. See

http://sources.redhat.com/ml/binutils/2001-02/msg00165.html

BTW, I am not sure if BFD_ASSERT there is necessary. Maybe we can add
one at the end of elf_i386_relocate_section ().
--
H.J. Lu (hjl@valinux.com)
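
The two placements discussed in this thread, as an added example that is not part of the original messages or of the binutils sources: a check before each store needs the strict `<`, while a check made once after all stores must accept a completely full section and so uses `<=`. `struct ext_rel`, `struct rel_sec`, `append_rel`, `final_count_ok` and `run_case` are hypothetical names, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not BFD's own types: one external REL entry and
   the output section that collects them. */
struct ext_rel { unsigned char r_offset[4]; unsigned char r_info[4]; };
struct rel_sec {
    unsigned char *contents;  /* raw_size bytes reserved by the sizing pass */
    size_t raw_size;
    size_t reloc_count;       /* entries stored so far */
};

static size_t capacity(const struct rel_sec *s) { return s->raw_size / sizeof(struct ext_rel); }

/* Check placed BEFORE the store: slot reloc_count must exist, so strict '<'.
   Returns 0 on success, -1 with nothing written when the section is full. */
static int append_rel(struct rel_sec *s, const struct ext_rel *r)
{
    if (!(s->reloc_count < capacity(s)))
        return -1;
    memcpy(s->contents + s->reloc_count * sizeof *r, r, sizeof *r);
    s->reloc_count++;
    return 0;
}

/* Check placed AFTER all stores: a completely full section is valid, so '<='. */
static int final_count_ok(const struct rel_sec *s) { return s->reloc_count <= capacity(s); }

/* Constructed scenario: space for `reserved` entries (at most 16) was sized and
   the relocation pass tries to emit `emitted`. Returns the refused stores. */
static size_t run_case(size_t reserved, size_t emitted, struct rel_sec *s)
{
    static unsigned char buf[16 * sizeof(struct ext_rel)];
    struct ext_rel r = { {0x10, 0, 0, 0}, {0x08, 0, 0, 0} };  /* constructed entry */
    size_t refused = 0;
    s->contents = buf;
    s->raw_size = (reserved > 16 ? 16 : reserved) * sizeof r;
    s->reloc_count = 0;
    for (size_t i = 0; i < emitted; i++)
        refused += (append_rel(s, &r) != 0);
    return refused;
}

int main(void)
{
    struct rel_sec s;
    size_t refused = run_case(3, 5, &s);
    printf("stored=%zu refused=%zu final_ok=%d\n", s.reloc_count, refused, final_count_ok(&s));
    return 0;
}
```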