PATCH: fix unitialized memory reads in bfd/elf32-mips.c

Manfred Hollstein manfred-h@t-online.de
Wed Apr 14 10:47:00 GMT 1999


Hi,

I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
as it is still present in gdb-4.18, I'm re-posting a patch.

manfred

On Tue, 23 February 1999, 17:20:23, manfred@s-direktnet.de wrote:

 > This small patch fixes a bug I observed while running gdb-4.17
 > on a mips-sgi-irix5.3 system.  Since the debuggee's debug info
 > was larger than the system's virtual memory was able to provide,
 > the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
 > got executed, which in turn tries to cleanup allocated memory.
 > Unfortunately, it's simply checking probably unitialized
 > memory to decide whether it should.

1999-04-14  Manfred Hollstein  <mhollstein@cygnus.com>

	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
	fields to 0 which may cause erroneous calls to free when
	"goto error_return" is executed.

diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el gdb-4.18.orig/bfd/elf32-mips.c gdb-4.18/bfd/elf32-mips.c
--- gdb-4.18.orig/bfd/elf32-mips.c	Wed Apr  7 22:57:07 1999
+++ gdb-4.18/bfd/elf32-mips.c	Wed Apr 14 15:13:27 1999
@@ -3058,6 +3058,17 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
 
   /* The symbolic header contains absolute file offsets and sizes to
      read.  */
+  debug->line = 0;
+  debug->external_dnr = 0;
+  debug->external_pdr = 0;
+  debug->external_sym = 0;
+  debug->external_opt = 0;
+  debug->external_aux = 0;
+  debug->ss = 0;
+  debug->ssext = 0;
+  debug->external_fdr = 0;
+  debug->external_rfd = 0;
+  debug->external_ext = 0;
 #define READ(ptr, offset, count, size, type)				\
   if (symhdr->count == 0)						\
     debug->ptr = NULL;							\


-- 
 Manfred Hollstein	 If you have any questions about GNU software:
  EMAIL:		<mhollstein@cygnus.com>	or <manfred.h@gmx.net>
  WWW:			     < http://home.t-online.de/home/manfred-h/ >
  PGP: < http://home.t-online.de/home/manfred-h/manfred.hATgmx.net.asc >


More information about the Gdb-patches mailing list