off by one in bfd/syms.c or bfd/elfcode.h?

Gregory Steuck greg@nest.cx
Tue Mar 26 08:09:00 GMT 2002


>>>>> "Ian" == Ian Lance Taylor <ian@airs.com> writes:

    Ian> I would say that the bug is not in either of the functions you
    Ian> mention, but rather in _bfd_elf_get_symtab_upper_bound.  It
    Ian> does not correctly handle the case of symtab_hdr->sh_size == 0,
    Ian> as it does not leave room for the trailing null entry.

Would this be a correct patch then? (against release 2.10, I think)

Index: bfd/elf.c 
=================================================================== 
RCS file: /cvs/src/gnu/usr.bin/binutils/bfd/elf.c,v 
retrieving revision 1.10 
diff -u -r1.10 elf.c 
--- bfd/elf.c   2001/06/09 22:29:25     1.10 
+++ bfd/elf.c   2002/03/26 15:56:17 
@@ -4302,7 +4302,8 @@ 
  
    Note that we base it on the count plus 1, since we will null terminate 
    the vector allocated based on this size.  However, the ELF symbol table 
-   always has a dummy entry as symbol #0, so it ends up even.  */ 
+   always has a dummy entry as symbol #0, so it ends up even. The only 
+   exception to this rule being empty symbol table. */ 
  
 long 
 _bfd_elf_get_symtab_upper_bound (abfd) 
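Review bot: the sentence added to the comment in this hunk, "The only exception to this rule being empty symbol table.", is a fragment and does not say what the exception means for the arithmetic below it; suggest something like "The only exception is an empty symbol table, which has no dummy entry #0, so room for the terminating null must be added explicitly." so that the comment explains the `symcount > 0` check that follows.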
@@ -4313,7 +4314,10 @@ 
   Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr; 
  
   symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; 
-  symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
+  if (symcount > 0) 
+    symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
+  else 
+    symtab_size = sizeof (asymbol *); 
  
   return symtab_size; 
 } 
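Review bot: in the `symcount > 0` branch `(symcount - 1 + 1)` is simply `symcount`, so the two-way `if` can collapse to one line, e.g. `symtab_size = (symcount > 0 ? symcount : 1) * sizeof (asymbol *);`, which also makes the intent (always reserve one pointer for the terminator) obvious. Separately, neither branch checks that `symcount * sizeof (asymbol *)` fits in the `long` this function returns; a hostile `sh_size` can make that product wrap, so a bound check before the multiplication, returning -1 with an appropriate bfd_set_error, would be worth adding while this code is being touched.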
@@ -4333,7 +4337,10 @@ 
     } 
  
   symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; 
-  symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
+  if (symcount > 0) 
+    symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
+  else 
+    symtab_size = sizeof (asymbol *);  
  
   return symtab_size; 
 } 
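Review bot: this hunk is a verbatim copy of the special case from the previous one, so the two size computations can now drift apart; suggest moving the `symcount` to `symtab_size` step into a small static helper called from both functions (the same helper would be the natural place for any overflow check). Also, the last added line, `+    symtab_size = sizeof (asymbol *);  `, carries trailing whitespace that should be dropped before committing.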

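The off-by-one Ian describes, shown in a small self-contained model as an added example (this is not code from the thread or from binutils): the pre-patch bound returns 0 bytes for an empty symbol table, and any caller that then writes the terminating NULL into a buffer of that size writes one pointer past the end. `SIZEOF_SYM` (24, the Elf64_Sym size), the stub `asymbol` type and the `fill_symtab` caller model are assumptions made for the example; `fill_symtab` refuses to write the terminator out of bounds and reports -1 instead of corrupting memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size of one on-disk symbol-table entry.  In BFD this comes from
   get_elf_backend_data (abfd)->s->sizeof_sym; 24 (Elf64_Sym) is an
   assumption here and only feeds the division that yields symcount.  */
#define SIZEOF_SYM 24

/* Minimal stand-in for BFD's asymbol; only the size of a pointer to it
   matters for the bound computation.  */
typedef struct asymbol { const char *name; } asymbol;

/* Upper bound exactly as the pre-patch code computes it: the -1 drops the
   dummy entry #0 and the +1 adds the terminating NULL.  For sh_size == 0
   there is no entry #0 to drop, so this yields 0 bytes: no room at all.  */
static long
upper_bound_old (uint64_t sh_size)
{
  long symcount = (long) (sh_size / SIZEOF_SYM);
  return (symcount - 1 + 1) * (long) sizeof (asymbol *);
}

/* Same computation with the special case the patch adds for an empty
   table: always leave room for one pointer, the terminator.  */
static long
upper_bound_fixed (uint64_t sh_size)
{
  long symcount = (long) (sh_size / SIZEOF_SYM);
  if (symcount > 0)
    return symcount * (long) sizeof (asymbol *);
  return (long) sizeof (asymbol *);
}

/* Model of a caller that trusts the bound: it allocates that many bytes,
   stores a pointer for every real symbol (the entries after dummy #0) and
   then writes the NULL terminator.  Instead of writing past the buffer it
   returns -1 when the terminator would not fit (the off-by-one), -2 on
   allocation failure, and otherwise the number of pointers stored,
   terminator included.  */
static long
fill_symtab (uint64_t sh_size, long bound)
{
  static asymbol placeholder = { "sym" };   /* every real symbol maps here */
  long symcount = (long) (sh_size / SIZEOF_SYM);
  long real = symcount > 0 ? symcount - 1 : 0;
  long slots = bound / (long) sizeof (asymbol *);
  asymbol **vec;
  long i;

  if (real + 1 > slots)
    return -1;                    /* terminator would land past the buffer */

  vec = malloc ((size_t) bound);
  if (vec == NULL)
    return -2;
  for (i = 0; i < real; i++)
    vec[i] = &placeholder;
  vec[real] = NULL;               /* written even when real == 0 */
  free (vec);
  return real + 1;
}

int
main (void)
{
  /* Constructed inputs: an empty .symtab, and one holding entry #0 plus
     two real symbols.  */
  uint64_t sizes[] = { 0, 3 * SIZEOF_SYM };
  size_t n;

  for (n = 0; n < sizeof sizes / sizeof sizes[0]; n++)
    printf ("sh_size=%llu: old bound %ld -> %ld, fixed bound %ld -> %ld\n",
            (unsigned long long) sizes[n],
            upper_bound_old (sizes[n]),
            fill_symtab (sizes[n], upper_bound_old (sizes[n])),
            upper_bound_fixed (sizes[n]),
            fill_symtab (sizes[n], upper_bound_fixed (sizes[n])));
  return 0;
}
```

For the non-empty table both bounds agree, because the dummy entry #0 exactly pays for the terminator; only the empty table differs, and there the old bound of 0 is what turns the caller's `vec[0] = NULL` into a heap write past the allocation.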