This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Re: off by one in bfd/syms.c or bfd/elfcode.h?
- From: Ian Lance Taylor <ian at airs dot com>
- To: Gregory Steuck <greg at nest dot cx>
- Cc: binutils at sources dot redhat dot com
- Date: 25 Mar 2002 21:17:31 -0800
- Subject: Re: off by one in bfd/syms.c or bfd/elfcode.h?
- References: <15519.62812.394291.640080@tidy.nest.cx>
Gregory Steuck <greg@nest.cx> writes:
> Could somebody tell me which one of these 2 is to blame:
>
> syms.c:
> long
> _bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
> ...
>
> elfcode.h:
> long
> elf_slurp_symbol_table (abfd, symptrs, dynamic) {
> ...
>
> So elfcode writes into a chunk of memory even though it was allocated
> with size=0?
>
> This causes a segv on openbsd-sparc64. Changing
> _bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
> fixes the problem, but I am not sure if the fix is the correct one.
>
> Comments?
I would say that the bug is not in either of the functions you
mention, but rather in _bfd_elf_get_symtab_upper_bound. It does not
correctly handle the case of symtab_hdr->sh_size == 0, as it does not
leave room for the trailing null entry.
Ian
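The sizing mismatch Ian describes, as an added illustration that is not code from the thread or from BFD itself: an "upper bound" routine returns 0 bytes for an empty symbol section, while the reader that fills the buffer always appends a NULL terminator, so the one-entry buffer it needs was never reserved. All names here (`upper_bound_buggy`, `upper_bound_fixed`, `read_symbols_checked`, `simulate`, the `sym_t` type and the `SYM_ENTSIZE` constant) are hypothetical stand-ins, not the functions in bfd/elfcode.h or bfd/syms.c; the reader is written to refuse the write rather than overflow, so the test exercises the bound check instead of corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a symbol object (not BFD's asymbol). */
typedef struct { const char *name; } sym_t;

/* Constructed on-disk entry size, playing the role of sh_entsize. */
#define SYM_ENTSIZE 24

/* Number of symbols a section of sh_size bytes holds. */
static size_t symcount_from_size(size_t sh_size) {
    return sh_size / SYM_ENTSIZE;
}

/* Buggy bound: returns 0 for an empty section and so forgets that the
   reader still writes a trailing NULL entry. (Constructed to mirror the
   pattern in the thread, not the real _bfd_elf_get_symtab_upper_bound.) */
long upper_bound_buggy(size_t sh_size) {
    size_t n = symcount_from_size(sh_size);
    if (n == 0)
        return 0;
    return (long)((n + 1) * sizeof(sym_t *));
}

/* Corrected bound: the terminator slot is reserved unconditionally. */
long upper_bound_fixed(size_t sh_size) {
    size_t n = symcount_from_size(sh_size);
    return (long)((n + 1) * sizeof(sym_t *));
}

/* Stand-in for the reader: store n pointers followed by a NULL terminator
   into buf, which the caller says holds bufsize bytes. Returns the number
   of symbols stored, or -1 if the n+1 writes would not fit. */
long read_symbols_checked(sym_t **buf, size_t bufsize, sym_t *syms, size_t n) {
    size_t needed = (n + 1) * sizeof(sym_t *);
    if (bufsize < needed)
        return -1;              /* the trailing NULL would land past the end */
    for (size_t i = 0; i < n; i++)
        buf[i] = &syms[i];
    buf[n] = NULL;
    return (long)n;
}

/* Allocate with the given bound function and run the reader over a
   constructed table of n symbols. -1 means the bound was too small. */
long simulate(long (*bound)(size_t), size_t sh_size) {
    size_t n = symcount_from_size(sh_size);
    long size = bound(sh_size);
    sym_t *syms = calloc(n ? n : 1, sizeof *syms);
    sym_t **buf = malloc(size > 0 ? (size_t)size : 1); /* malloc(0) may be NULL */
    long r = read_symbols_checked(buf, (size_t)size, syms, n);
    free(buf);
    free(syms);
    return r;
}

int main(void) {
    printf("empty section, buggy bound: %ld\n", simulate(upper_bound_buggy, 0));
    printf("empty section, fixed bound: %ld\n", simulate(upper_bound_fixed, 0));
    printf("3 symbols, buggy bound:     %ld\n", simulate(upper_bound_buggy, 3 * SYM_ENTSIZE));
    printf("3 symbols, fixed bound:     %ld\n", simulate(upper_bound_fixed, 3 * SYM_ENTSIZE));
    return 0;
}
```

The invariant worth checking in any pair of "bound" and "fill" routines is that the bound is at least `(count + 1) * sizeof(pointer)` for every count the filler can see, including zero; the buggy variant only violates it at the boundary case the reporter hit (sh_size == 0), which is why the overflow surfaced on one platform and not others.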