off by one in bfd/syms.c or bfd/elfcode.h?
Gregory Steuck
greg@nest.cx
Mon Mar 25 20:15:00 GMT 2002
Could somebody tell me which one of these 2 is to blame:
syms.c:

long
_bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
{
  ...
  syms = (asymbol **) bfd_malloc ((size_t) storage); // Greg: storage = 0
  if (syms == NULL)
    goto error_return;

  if (dynamic)
    symcount = bfd_canonicalize_dynamic_symtab (abfd, syms);
  ...
}
elfcode.h:

long
elf_slurp_symbol_table (abfd, symptrs, dynamic)
{
  ...
  /* Fill in the user's symbol pointer vector if needed.  */
  if (symptrs)
    {
      long l = symcount;

      sym = symbase;
      while (l-- > 0)
        {
          *symptrs++ = &sym->symbol;
          sym++;
        }
      *symptrs = 0;  /* Final null pointer */ // Greg: it wasn't allocated!
    }
  ...
}
So elfcode writes into a chunk of memory even though it was allocated
with size=0?
This causes a segv on openbsd-sparc64. Changing
_bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
fixes the problem, but I am not sure if the fix is the correct one.
Comments?
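The off-by-one described above, as an added example that is not code from binutils: a small model of the two functions in which the fill loop is told how many slots the vector has and checks that before storing the terminating NULL, so the effect of allocating storage with and without the extra asymbol* slot can be observed directly. The types, the symbol table and the helper names are constructed stand-ins for this example only.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the bfd types involved; not the real definitions. */
typedef struct { const char *name; } asymbol;
typedef struct { asymbol symbol; } elf_symbol_type;

/* Constructed symbol table; symcount may be anything from 0 up to this size. */
static elf_symbol_type symbase[] = { {{"a"}}, {{"b"}}, {{"c"}} };

/* Bytes requested for the pointer vector: as in the report (no room for the
   terminator) and as in the proposed fix (one extra asymbol* slot). */
long storage_without_terminator(long symcount) { return symcount * (long) sizeof (asymbol *); }
long storage_with_terminator(long symcount)    { return (symcount + 1) * (long) sizeof (asymbol *); }

/* Model of elf_slurp_symbol_table's fill loop.  Unlike the original it is told
   how many slots the vector has and refuses to write past them; the loop
   stores symcount pointers and then one final NULL, i.e. symcount + 1 slots. */
static long fill_symptrs(asymbol **symptrs, size_t slots, long symcount) {
    if ((size_t) symcount + 1 > slots)
        return -1;                      /* the final NULL would land outside the vector */
    elf_symbol_type *sym = symbase;
    long l = symcount;
    while (l-- > 0) {
        *symptrs++ = &sym->symbol;
        sym++;
    }
    *symptrs = NULL;                    /* final null pointer */
    return symcount;
}

/* Model of _bfd_generic_read_minisymbols: allocate `storage` bytes, then fill.
   Returns the symbol count on success, -1 if the vector is too small. */
long read_minisymbols(long symcount, long storage) {
    /* malloc(0) may legitimately return NULL, so request at least one byte. */
    asymbol **syms = malloc(storage > 0 ? (size_t) storage : 1);
    if (syms == NULL)
        return -1;
    long rc = fill_symptrs(syms, (size_t) storage / sizeof (asymbol *), symcount);
    free(syms);
    return rc;
}

int main(void) {
    for (long n = 0; n <= 3; n++)
        printf("symcount=%ld  storage=n*ptr: %ld  storage=(n+1)*ptr: %ld\n", n,
               read_minisymbols(n, storage_without_terminator(n)),
               read_minisymbols(n, storage_with_terminator(n)));
    return 0;
}
```

With the reported storage = 0 the vector has zero slots and even an empty table needs one for the terminator, which is why only the allocation that reserves symcount + 1 pointers succeeds for every count.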