Suggest a fix?
Fri Jul 27 23:52:00 GMT 2007

I see two instances of this code fragment in elflink.c:

  name = h->root.root.string;
  p = strchr (name, ELF_VER_CHR);
  if (p != NULL)
    {
      alc = bfd_malloc (p - name + 1);
      memcpy (alc, name, p - name);
      alc[p - name] = '\0';
      name = alc;
    }

One is in elf_collect_hash_codes, and one in elf_collect_gnu_hash_codes.
The issue is that the bfd_malloc is not checked for null return, and I'm
not sure what best to do if it returns null.

By any chance, is there an upper limit to the length of 'name',
and could we just use a static or local buffer?  I know you guys
don't like to use alloca...
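
The fragment above with the allocation result checked and the failure reported to the caller, as an added example that is not part of the original post and is not binutils code. The names strip_version, alloc_fn, failing_alloc, strips_to and fails_cleanly are hypothetical, the allocator argument stands in for bfd_malloc, and ELF_VER_CHR is defined locally as '@' for the sketch.

```c
#include <stdlib.h>
#include <string.h>

#define ELF_VER_CHR '@'		/* assumed value, defined here for the sketch */

/* Hypothetical allocator hook standing in for bfd_malloc, so the
   out-of-memory path can be exercised.  */
typedef void *(*alloc_fn) (size_t);
static void *failing_alloc (size_t n) { (void) n; return NULL; }

/* Strip the "@version" suffix from NAME.  Returns 0 on success, -1 if the
   allocation failed.  *BASE is the unversioned name; *ALC is the buffer
   the caller must free (NULL when no copy was needed).  */
static int
strip_version (const char *name, alloc_fn alloc, const char **base, char **alc)
{
  const char *p = strchr (name, ELF_VER_CHR);

  *alc = NULL;
  *base = name;
  if (p == NULL)
    return 0;			/* unversioned: nothing to allocate */
  size_t len = (size_t) (p - name);
  char *buf = alloc (len + 1);
  if (buf == NULL)
    return -1;			/* report failure; never memcpy into NULL */
  memcpy (buf, name, len);
  buf[len] = '\0';
  *base = *alc = buf;
  return 0;
}

/* Returns 1 if stripping NAME with the real malloc yields EXPECT.  */
static int strips_to (const char *name, const char *expect)
{
  const char *base; char *alc;
  if (strip_version (name, malloc, &base, &alc) != 0) return 0;
  int ok = strcmp (base, expect) == 0;
  free (alc);
  return ok;
}

/* Returns 1 if a failed allocation is reported and nothing is leaked.  */
static int fails_cleanly (const char *name)
{
  const char *base; char *alc;
  return strip_version (name, failing_alloc, &base, &alc) == -1 && alc == NULL;
}

int main (void) { return strips_to ("foo@VERS_1", "foo") && fails_cleanly ("foo@VERS_1") ? 0 : 1; }
```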
