Memory overrun bug in CVS arm-elf-ld

Alan Modra amodra@bigpond.net.au
Wed Jun 18 00:19:00 GMT 2003


On Tue, Jun 17, 2003 at 10:53:04AM +0100, Nick Clifton wrote:
> *** bfd/elflink.h	3 Jun 2003 22:27:22 -0000	1.228
> --- bfd/elflink.h	17 Jun 2003 09:47:12 -0000
> *************** elf_gc_record_vtentry (abfd, sec, h, add
> *** 6283,6289 ****
>     struct elf_backend_data *bed = get_elf_backend_data (abfd);
>     unsigned int log_file_align = bed->s->log_file_align;
>   
> !   if (addend >= h->vtable_entries_size)
>       {
>         size_t size, bytes;
>         bfd_boolean *ptr = h->vtable_entries_used;
> --- 6283,6289 ----
>     struct elf_backend_data *bed = get_elf_backend_data (abfd);
>     unsigned int log_file_align = bed->s->log_file_align;
>   
> !   if (addend > h->vtable_entries_size)
>       {
>         size_t size, bytes;
>         bfd_boolean *ptr = h->vtable_entries_used;
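Review bot: relaxing `>=` to `>` leaves the addend == h->vtable_entries_size case without a regrow, yet the entry recorded for that addend (index addend >> log_file_align) is exactly the one past the entries that h->vtable_entries_size accounts for, so the valid-entry count stays wrong; keep the `>=` comparison and correct the size computation that follows instead.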
> *************** elf_gc_record_vtentry (abfd, sec, h, add
> *** 6304,6311 ****
>   	}
>   
>         /* Allocate one extra entry for use as a "done" flag for the
> ! 	 consolidation pass.  */
> !       bytes = ((size >> log_file_align) + 1) * sizeof (bfd_boolean);
>   
>         if (ptr)
>   	{
> --- 6304,6312 ----
>   	}
>   
>         /* Allocate one extra entry for use as a "done" flag for the
> ! 	 consolidation pass and another extra entry because we are
> ! 	 going to write up to and including 'size' entries.  */
> !       bytes = ((size >> log_file_align) + 2) * sizeof (bfd_boolean);
>   
>         if (ptr)
>   	{
>         
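Review bot: the new comment concedes that the code "is going to write up to and including 'size' entries", which is the symptom of `size` being set to `addend` rather than to a size beyond it; growing the allocation with `bytes = ((size >> log_file_align) + 2) * sizeof (bfd_boolean);` hides the overrun but h->vtable_entries_size, which other code treats as the count of valid entries, still excludes that entry. Fix the size calculation and keep the original `+ 1` (the "done" flag).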

Nick, I think this is wrong.  h->vtable_entries_size is used here
(oldbytes) and in other places to determine how many entries are valid.
Just allocating extra space won't fix the valid entry count.

	* elflink.h (elf_gc_record_vtentry): Revert last change.  Correct
	size calculation from addend.  Round size up.

Note that rounding the size shouldn't be necessary, but I'd rather be
bomb-proof.

Index: bfd/elflink.h
===================================================================
RCS file: /cvs/src/src/bfd/elflink.h,v
retrieving revision 1.229
diff -u -p -r1.229 elflink.h
--- bfd/elflink.h	17 Jun 2003 09:57:18 -0000	1.229
+++ bfd/elflink.h	18 Jun 2003 00:14:39 -0000
@@ -6283,30 +6283,31 @@ elf_gc_record_vtentry (abfd, sec, h, add
   struct elf_backend_data *bed = get_elf_backend_data (abfd);
   unsigned int log_file_align = bed->s->log_file_align;
 
-  if (addend > h->vtable_entries_size)
+  if (addend >= h->vtable_entries_size)
     {
-      size_t size, bytes;
+      size_t size, bytes, file_align;
       bfd_boolean *ptr = h->vtable_entries_used;
 
       /* While the symbol is undefined, we have to be prepared to handle
 	 a zero size.  */
+      file_align = 1 << log_file_align;
       if (h->root.type == bfd_link_hash_undefined)
-	size = addend;
+	size = addend + file_align;
       else
 	{
 	  size = h->size;
-	  if (size < addend)
+	  if (size <= addend)
 	    {
 	      /* Oops!  We've got a reference past the defined end of
 		 the table.  This is probably a bug -- shall we warn?  */
-	      size = addend;
+	      size = addend + file_align;
 	    }
 	}
+      size = (size + file_align - 1) & -file_align;
 
       /* Allocate one extra entry for use as a "done" flag for the
-	 consolidation pass and another extra entry because we are
-	 going to write up to and including 'size' entries.  */
-      bytes = ((size >> log_file_align) + 2) * sizeof (bfd_boolean);
+	 consolidation pass.  */
+      bytes = ((size >> log_file_align) + 1) * sizeof (bfd_boolean);
 
       if (ptr)
 	{
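Review bot: `file_align = 1 << log_file_align;` computes the shift in int before widening to size_t; `(size_t) 1 << log_file_align` avoids a silent overflow should log_file_align ever approach the int width. The rounding `size = (size + file_align - 1) & -file_align;` depends on unsigned negation of a size_t, which is well-defined but easy to misread; `& ~(file_align - 1)` expresses the same mask more plainly. With `>=` restored and `size = addend + file_align` applied on both the undefined and the "reference past the defined end" paths, `(addend >> log_file_align) < (size >> log_file_align)` holds after rounding, which is the property the `+ 1` allocation needs.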

-- 
Alan Modra
IBM OzLabs - Linux Technology Centre
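An added example, not binutils code, that models the two size computations argued over above (old: size = addend; patched: size = addend + file_align, rounded up) and checks whether the entry for a given addend lands inside the entries that the size accounts for. All function names are hypothetical; the entry index and count follow the `>> log_file_align` convention used in elf_gc_record_vtentry.

```c
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical helper: number of vtable entries implied by a byte size,
   as elf_gc_record_vtentry derives it (the "done" flag slot excluded).  */
static size_t entries_for (size_t size, unsigned int log_file_align)
{
  return size >> log_file_align;
}

/* Old computation, as in the pre-patch code: size is h->size, or the
   addend itself when the symbol is undefined or the addend reaches past
   the defined end.  */
size_t old_vtable_size (size_t h_size, bool undefined, size_t addend)
{
  size_t size = undefined ? addend : h_size;
  if (size < addend)
    size = addend;
  return size;
}

/* Patched computation: step one file_align past the addend in the same
   two cases, then round up to a multiple of file_align.  */
size_t new_vtable_size (size_t h_size, bool undefined, size_t addend,
			unsigned int log_file_align)
{
  size_t file_align = (size_t) 1 << log_file_align;
  size_t size;

  if (undefined)
    size = addend + file_align;
  else
    {
      size = h_size;
      if (size <= addend)
	size = addend + file_align;
    }
  /* Same mask as the patch's "& -file_align", written without the
     unsigned negation.  */
  return (size + file_align - 1) & ~(file_align - 1);
}

/* True when the entry indexed by addend lies within the entries that
   size accounts for; false means the write would land in the slack.  */
bool entry_in_range (size_t size, size_t addend, unsigned int log_file_align)
{
  return (addend >> log_file_align) < entries_for (size, log_file_align);
}
```

With log_file_align = 2, an undefined symbol and addend = 8, the old size of 8 yields two entries while the addend indexes entry 2, the overrun the post describes; the patched size of 12 yields three.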
