off by one in bfd/syms.c or bfd/elfcode.h?

Ian Lance Taylor ian@airs.com
Mon Mar 25 21:17:00 GMT 2002


Gregory Steuck <greg@nest.cx> writes:

> Could somebody tell me which one of these 2 is to blame:
> 
> syms.c:
> long
> _bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
> ...
> 
> elfcode.h:
> long
> elf_slurp_symbol_table (abfd, symptrs, dynamic) {
> ...
> 
> So elfcode writes into a chunk of memory even though it was allocated
> with size=0?
> 
> This causes a segv on openbsd-sparc64. Changing
> _bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
> fixes the problem, but I am not sure if the fix is the correct one.
> 
> Comments?

I would say that the bug is not in either of the functions you
mention, but rather in _bfd_elf_get_symtab_upper_bound.  It does not
correctly handle the case of symtab_hdr->sh_size == 0, as it does not
leave room for the trailing null entry.

Ian
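
The sizing mistake Ian describes, as an added worked example that is not part of the thread and not bfd's own code: the ELF symbol table always starts with a reserved null entry, so a bound that reserves "(symcount - 1) real symbols plus one terminating NULL" pointers collapses to zero bytes when `sh_size == 0`, while the reader still stores the terminating NULL. The function names, the `asymbol` stand-in and the exact bodies of `upper_bound_buggy` and `upper_bound_fixed` are assumptions modelled on the description above; `reader_overflow` only reports how many bytes a reader would store past the allocation, it never performs the out-of-bounds write.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the symbol-table sizing discussed in the thread.
   Names and bodies are assumptions for illustration, not bfd's own code. */

typedef struct { const char *name; } asymbol;   /* stand-in for bfd's asymbol */

#define ELF64_SYM_SIZE 24   /* sizeof (Elf64_Sym) on a 64-bit target */

/* Number of Elf_Sym records in the section.  Record 0 is the reserved
   null symbol, so a reader emits symcount - 1 asymbol pointers. */
static long elf_symcount(size_t sh_size, size_t sizeof_sym)
{
    return (long)(sh_size / sizeof_sym);
}

/* Assumed buggy bound: (symcount - 1) slots for the real symbols plus 1
   for the trailing NULL, i.e. symcount pointers.  With sh_size == 0 this
   yields 0 bytes although the reader still writes the NULL terminator. */
size_t upper_bound_buggy(size_t sh_size, size_t sizeof_sym)
{
    long symcount = elf_symcount(sh_size, sizeof_sym);
    return (size_t)(symcount - 1 + 1) * sizeof(asymbol *);
}

/* Corrected bound: always leave room for the trailing NULL, and only
   subtract the slot for record 0 when that record actually exists. */
size_t upper_bound_fixed(size_t sh_size, size_t sizeof_sym)
{
    long symcount = elf_symcount(sh_size, sizeof_sym);
    size_t size = (size_t)(symcount + 1) * sizeof(asymbol *);
    if (symcount > 0)
        size -= sizeof(asymbol *);   /* record 0 (null symbol) is not emitted */
    return size;
}

/* Bytes a reader stores: one pointer per non-null symbol plus the
   terminating NULL pointer, regardless of how many symbols there are. */
size_t reader_bytes_written(size_t sh_size, size_t sizeof_sym)
{
    long symcount = elf_symcount(sh_size, sizeof_sym);
    long emitted = symcount > 0 ? symcount - 1 : 0;
    return (size_t)(emitted + 1) * sizeof(asymbol *);
}

/* Compare an allocation computed by `bound` with what the reader writes.
   Returns the number of bytes that would land past the allocation
   (0 means the bound is sufficient). */
size_t reader_overflow(size_t (*bound)(size_t, size_t),
                       size_t sh_size, size_t sizeof_sym)
{
    size_t alloc = bound(sh_size, sizeof_sym);
    size_t need = reader_bytes_written(sh_size, sizeof_sym);
    return need > alloc ? need - alloc : 0;
}

int main(void)
{
    /* Constructed inputs: an empty .symtab and one holding three records. */
    size_t cases[] = { 0, 3 * ELF64_SYM_SIZE };
    for (size_t i = 0; i < 2; i++) {
        size_t sh = cases[i];
        printf("sh_size=%zu buggy bound=%zu fixed bound=%zu written=%zu "
               "overflow(buggy)=%zu overflow(fixed)=%zu\n",
               sh, upper_bound_buggy(sh, ELF64_SYM_SIZE),
               upper_bound_fixed(sh, ELF64_SYM_SIZE),
               reader_bytes_written(sh, ELF64_SYM_SIZE),
               reader_overflow(upper_bound_buggy, sh, ELF64_SYM_SIZE),
               reader_overflow(upper_bound_fixed, sh, ELF64_SYM_SIZE));
    }
    return 0;
}
```

For the empty-table case the buggy bound allocates 0 bytes and the reader writes one pointer past it, which is exactly the one-pointer overrun that adding `sizeof (asymbol *)` in `_bfd_generic_read_minisymbols` papers over; sizing the bound correctly removes the overrun without touching the reader. For a non-empty table both bounds agree, which is why the defect only shows up on objects with no symbols.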
