[PATCH] null ptr deref

Nick Clifton nickc@redhat.com
Wed Jul 25 14:59:00 GMT 2007


Hi Joseph, Hi Michael,

msnyder@sonic.net wrote:
> If out_list can be null, then we'll crash when we dereference it
> on the next loop iteration.  If it can't, then why test it?
> 
> I don't know if I've chosen the best way to deal with it if it is
> null -- open to suggestions.

There appear to be several more problems with _bfd_elf_merge_object_attributes, 
in addition to the one that Michael found:

   * out_list is set to the object attribute list from the input bfd not the 
output bfd.

   * in_list->tag is examined after setting "in_list = in_list->next" without 
checking to see if in_list is NULL.

   * in_attr->s is used to check for extra tags in the output list when it 
might actually be set to NULL.

Joseph -  I am attaching a tidy-up and fix-up of elf-attrs.c.  If you think 
that it is OK, please could you check it in.  In addition to attempting to fix 
the bugs above, and the problem Michael found, I have also tried to use 
#defined constants in the place of numeric constants in order to make the code 
easier to read.  There were several places however where the number 4 was used 
and I could not work out how this number was derived.  Possibly it was meant to 
be one more than Tag_Symbol, but I was not sure.  If you could find a way of 
replacing 4 with a more meaningful string that would be great.

Cheers
   Nick


-------------- next part --------------
A non-text attachment was scrubbed...
Name: elf-attrs.patch.bz2
Type: application/x-bzip2
Size: 4589 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/binutils/attachments/20070725/7e5b0494/attachment.bz2>


More information about the Binutils mailing list