off by one in bfd/syms.c or bfd/elfcode.h?

H . J . Lu hjl@lucon.org
Tue Mar 26 08:20:00 GMT 2002


On Tue, Mar 26, 2002 at 08:09:28AM -0800, Gregory Steuck wrote:
> >>>>> "Ian" == Ian Lance Taylor <ian@airs.com> writes:
> 
>     Ian> I would say that the bug is not in either of the functions you
>     Ian> mention, but rather in _bfd_elf_get_symtab_upper_bound.  It
>     Ian> does not correctly handle the case of symtab_hdr->sh_size == 0,
>     Ian> as it does not leave room for the trailing null entry.
> 
> Would this be a correct patch then? (against release 2.10, I think)
> 
> Index: bfd/elf.c 
> =================================================================== 
> RCS file: /cvs/src/gnu/usr.bin/binutils/bfd/elf.c,v 
> retrieving revision 1.10 
> diff -u -r1.10 elf.c 
> --- bfd/elf.c   2001/06/09 22:29:25     1.10 
> +++ bfd/elf.c   2002/03/26 15:56:17 
> @@ -4302,7 +4302,8 @@ 
>   
>     Note that we base it on the count plus 1, since we will null terminate 
>     the vector allocated based on this size.  However, the ELF symbol table 
> -   always has a dummy entry as symbol #0, so it ends up even.  */ 
> +   always has a dummy entry as symbol #0, so it ends up even. The only 
> +   exception to this rule being empty symbol table. */ 
>   
>  long 
>  _bfd_elf_get_symtab_upper_bound (abfd) 
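Review bot: the second added comment line ("The only exception to this rule being empty symbol table.") is a sentence fragment and does not say what the code does in that case; suggest "The only exception is an empty symbol table, for which we still reserve room for the trailing null entry." so the comment documents the `else` branch the next hunk adds. GNU comment style also wants two spaces after the period before "The only".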
> @@ -4313,7 +4314,10 @@ 
>    Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr; 
>   
>    symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; 
> -  symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
> +  if (symcount > 0) 
> +    symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 

Why (symcount - 1 + 1)?

> +  else 
> +    symtab_size = sizeof (asymbol *); 
>   
>    return symtab_size; 
>  } 
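Review bot: in the new `symcount > 0` branch, `(symcount - 1 + 1)` is a no-op (the same question H.J. raises), and the intent, one slot per real symbol (symcount minus dummy #0) plus one for the terminating null, is better said in a comment than in arithmetic. Suggest `symtab_size = symcount * sizeof (asymbol *);` with that comment, or collapsing both branches into `symtab_size = (symcount > 0 ? symcount : 1) * sizeof (asymbol *);`. Note that `symcount` is already 0 for any `sh_size` smaller than `sizeof_sym`, so the test covers a truncated header the same way it covers an empty table.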
> @@ -4333,7 +4337,10 @@ 
>      } 
>   
>    symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; 
> -  symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 
> +  if (symcount > 0) 
> +    symtab_size = (symcount - 1 + 1) * (sizeof (asymbol *)); 

Why (symcount - 1 + 1)?

> +  else 
> +    symtab_size = sizeof (asymbol *);  
>   
>    return symtab_size; 
>  } 
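Review bot: this hunk repeats the -4313 hunk line for line, so the `- 1 + 1` question applies here as well and any cleanup has to be made twice; suggest a small static helper or macro that takes `symcount` and encodes the "at least one slot for the null entry" rule, called from both functions, so the fix lives in one place.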


H.J.
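The empty-table case Ian describes, as an added example (my own code, not binutils'): the pre-patch and patched bound computations side by side, plus a bounds-checked stand-in for the code that fills the symbol vector, which reports an out-of-bounds store instead of performing it. SIZEOF_SYM and the asymbol stand-in are assumptions, not BFD's values.

```c
/* Added example, not binutils code.  Models _bfd_elf_get_symtab_upper_bound
   before and after the quoted patch, and a consumer that relies on it, so
   the sh_size == 0 case can be checked without an ELF file. */
#include <stddef.h>
#include <stdlib.h>

typedef struct { int dummy; } asymbol;   /* stand-in for BFD's asymbol */

#define SIZEOF_SYM 16   /* assumed on-disk ELF symbol size (sizeof_sym) */

/* Pre-patch formula: (symcount - 1 + 1) * sizeof (asymbol *).
   For sh_size == 0 this is 0 bytes, leaving no room for the terminator. */
size_t upper_bound_old (size_t sh_size)
{
  size_t symcount = sh_size / SIZEOF_SYM;
  return (symcount - 1 + 1) * sizeof (asymbol *);
}

/* Patched formula: always reserve at least one slot for the trailing NULL. */
size_t upper_bound_fixed (size_t sh_size)
{
  size_t symcount = sh_size / SIZEOF_SYM;
  return symcount > 0 ? symcount * sizeof (asymbol *) : sizeof (asymbol *);
}

/* Models the code that fills the vector: one pointer per real symbol
   (dummy #0 skipped), then a NULL terminator, stored into `bound` bytes.
   Every store is bounds-checked, so instead of corrupting the heap the
   function returns 1 when a store would land past the allocation. */
int fill_would_overflow (size_t sh_size, size_t bound)
{
  size_t symcount = sh_size / SIZEOF_SYM;
  size_t slots = bound / sizeof (asymbol *);
  asymbol **vec = malloc (slots ? bound : 1);   /* malloc(0) is unspecified */
  size_t n = 0, i;
  int overflow = 0;
  if (vec == NULL)
    return -1;
  for (i = 1; i < symcount; i++)       /* real symbols */
    if (n < slots) vec[n++] = (asymbol *) vec; else overflow = 1;
  if (n < slots) vec[n++] = NULL;      /* trailing NULL entry */
  else overflow = 1;
  free (vec);
  return overflow;
}
```

With the old bound an empty symbol table gets a 0-byte vector and the terminator is the one-pointer overwrite; with the patched bound it fits, and for non-empty tables both formulas agree.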
