off by one in bfd/syms.c or bfd/elfcode.h?
Ian Lance Taylor
ian@airs.com
Mon Mar 25 21:17:00 GMT 2002
Gregory Steuck <greg@nest.cx> writes:
> Could somebody tell me which one of these 2 is to blame:
>
> syms.c:
> long
> _bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
> ...
>
> elfcode.h:
> long
> elf_slurp_symbol_table (abfd, symptrs, dynamic) {
> ...
>
> So elfcode writes into a chunk of memory even though it was allocated
> with size=0?
>
> This causes a segv on openbsd-sparc64. Changing
> _bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
> fixes the problem, but I am not sure if the fix is the correct one.
>
> Comments?
I would say that the bug is not in either of the functions you
mention, but rather in _bfd_elf_get_symtab_upper_bound. It does not
correctly handle the case of symtab_hdr->sh_size == 0, as it does not
leave room for the trailing null entry.
Ian
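The sizing rule Ian describes, as an added example that is not BFD's code and not part of this thread: a toy model in which the upper-bound routine counts symbol-table entries (including the reserved null symbol at index 0) and the consumer writes one pointer per real symbol plus a terminating NULL. `SIZEOF_SYM`, `struct shdr`, `asym_t` and the function names are constructed for the model; the buggy variant only hands out `symcount` pointer slots, which is exactly one short when `sh_size == 0`, and the fixed variant always reserves room for the terminator. The consumer checks the bound before each store so the demonstration reports the overrun instead of performing it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not BFD's code: only the pieces needed to show the rule. */
#define SIZEOF_SYM 24            /* assumed on-disk size of one symbol entry */

struct shdr { size_t sh_size; };         /* the one header field that matters */
typedef struct { long index; } asym_t;   /* stand-in for an asymbol */

static long symcount(const struct shdr *hdr)
{
  return (long)(hdr->sh_size / SIZEOF_SYM);
}

/* Buggy upper bound (models the behaviour described in the reply):
   symcount includes the ELF null symbol at index 0, so symcount pointer
   slots = (symcount - 1) real symbols + 1 terminator.  That identity breaks
   when symcount == 0: there is no null symbol whose slot the terminator can
   take, and the caller receives a 0-byte buffer. */
long upper_bound_buggy(const struct shdr *hdr)
{
  return symcount(hdr) * (long)sizeof(asym_t *);
}

/* Fixed: never return fewer than one pointer slot, so the trailing NULL
   entry always fits even for an empty symbol table. */
long upper_bound_fixed(const struct shdr *hdr)
{
  long n = symcount(hdr);
  if (n < 1)
    n = 1;
  return n * (long)sizeof(asym_t *);
}

/* Consumer modelled on the slurp step: skip entry 0, store a pointer per
   real symbol, then a NULL terminator.  Every store is bounds-checked;
   returns the number of symbols stored, or -1 if a store would overrun. */
long slurp_symbols(const struct shdr *hdr, asym_t *syms, asym_t **out,
                   long bound_bytes)
{
  long slots = bound_bytes / (long)sizeof(asym_t *);
  long n = symcount(hdr);
  long written = 0;
  long i;

  for (i = 1; i < n; i++) {            /* index 0 is the ELF null symbol */
    if (written >= slots)
      return -1;
    out[written++] = &syms[i];
  }
  if (written >= slots)                /* room left for the terminator? */
    return -1;
  out[written] = NULL;
  return written;
}

int main(void)
{
  struct shdr empty = { 0 };                 /* sh_size == 0 */
  struct shdr three = { 3 * SIZEOF_SYM };    /* null symbol + 2 real symbols */
  asym_t syms[3] = { { 0 }, { 1 }, { 2 } };
  asym_t *buf[8];

  printf("empty: buggy bound=%ld fixed bound=%ld\n",
         upper_bound_buggy(&empty), upper_bound_fixed(&empty));
  printf("slurp(empty, buggy bound) = %ld\n",
         slurp_symbols(&empty, syms, buf, upper_bound_buggy(&empty)));
  printf("slurp(empty, fixed bound) = %ld\n",
         slurp_symbols(&empty, syms, buf, upper_bound_fixed(&empty)));
  printf("slurp(three, buggy bound) = %ld\n",
         slurp_symbols(&three, syms, buf, upper_bound_buggy(&three)));
  return 0;
}
```

With a non-empty table both bounds agree and the consumer fits exactly; with `sh_size == 0` the buggy bound is 0 bytes and the consumer's terminator store is the out-of-bounds write, which is the one-entry shortfall the reply attributes to the upper-bound routine rather than to either function quoted in the question.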