This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: off by one in bfd/syms.c or bfd/elfcode.h?


Gregory Steuck <greg@nest.cx> writes:

> Could somebody tell me which one of these 2 is to blame:
> 
> syms.c:
> long
> _bfd_generic_read_minisymbols (abfd, dynamic, minisymsp, sizep)
> ...
> 
> elfcode.h:
> long
> elf_slurp_symbol_table (abfd, symptrs, dynamic) {
> ...
> 
> So elfcode writes into a chunk of memory even though it was allocated
> with size=0?
> 
> This causes a segv on openbsd-sparc64. Changing
> _bfd_generic_read_minisymbols to allocate sizeof (asymbol *) more
> fixes the problem, but I am not sure if the fix is the correct one.
> 
> Comments?

I would say that the bug is not in either of the functions you
mention, but rather in _bfd_elf_get_symtab_upper_bound.  It does not
correctly handle the case of symtab_hdr->sh_size == 0, as it does not
leave room for the trailing null entry.

Ian
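
The off-by-one Ian describes, as an added example that is not part of the original thread and not the binutils source: a simplified model of how an upper-bound routine sizes the asymbol* array (skip the reserved null symbol at index 0, add one slot for the terminating NULL) and how that arithmetic comes out to zero slots for an empty table even though the reader still writes the terminator. The names upper_bound_buggy, upper_bound_fixed, slurp_symbols, read_with_bound, struct symtab_hdr and SIZEOF_ELF_SYM are assumptions of this example, the sh_size inputs are constructed, and the capacity check in slurp_symbols exists only so the example reports the overflow rather than performing it.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the BFD types involved.  NOT the real BFD definitions;
   they model only what this thread depends on. */
typedef struct asymbol { const char *name; } asymbol;
struct symtab_hdr { size_t sh_size; };   /* models symtab_hdr->sh_size */

/* Assumed size of one on-disk ELF symbol record (Elf32_Sym). */
#define SIZEOF_ELF_SYM 16

static long symcount_of(const struct symtab_hdr *hdr)
{
    return (long)(hdr->sh_size / SIZEOF_ELF_SYM);
}

/* Model of the faulty upper bound.  The table starts with the reserved
   null symbol (index 0), which the reader skips, and the reader appends a
   terminating NULL, so symcount on-disk entries need
   (symcount - 1) + 1 == symcount slots.  Right for symcount >= 1, but 0
   for an empty table, where the terminator is still written. */
long upper_bound_buggy(const struct symtab_hdr *hdr)
{
    return symcount_of(hdr) * (long)sizeof(asymbol *);
}

/* Corrected model: an empty table still needs the terminator's slot. */
long upper_bound_fixed(const struct symtab_hdr *hdr)
{
    long symcount = symcount_of(hdr);
    if (symcount == 0)
        return (long)sizeof(asymbol *);
    return symcount * (long)sizeof(asymbol *);
}

/* Model of the reader's contract: one pointer per non-null symbol, then a
   terminating NULL.  The cap check is this example's addition; the real
   reader trusts the bound, which is why the undersized buffer segfaults.
   Returns the number of pointers written (terminator included), or -1. */
long slurp_symbols(const struct symtab_hdr *hdr, asymbol **out, long cap,
                   asymbol *storage)
{
    long symcount = symcount_of(hdr);
    long written = 0;
    long i;

    for (i = 1; i < symcount; i++) {      /* index 0 is the null symbol */
        if (written >= cap)
            return -1;
        out[written++] = &storage[i];
    }
    if (written >= cap)                   /* no room for the terminator */
        return -1;
    out[written++] = NULL;
    return written;
}

/* Sizes the buffer with the given bound, runs the reader, and returns the
   reader's result.  sh_size is a constructed input. */
long read_with_bound(size_t sh_size, long (*bound)(const struct symtab_hdr *))
{
    struct symtab_hdr hdr;
    long bytes, cap, symcount, rc;
    asymbol **buf;
    asymbol *storage;

    hdr.sh_size = sh_size;
    symcount = symcount_of(&hdr);
    bytes = bound(&hdr);
    cap = bytes / (long)sizeof(asymbol *);
    /* a zero-byte request still yields a buffer, just one with no slots */
    buf = malloc(bytes > 0 ? (size_t)bytes : 1);
    storage = calloc(symcount > 0 ? (size_t)symcount : 1, sizeof *storage);
    if (buf == NULL || storage == NULL) {
        free(buf);
        free(storage);
        return -1;
    }
    rc = slurp_symbols(&hdr, buf, cap, storage);
    free(storage);
    free(buf);
    return rc;
}

int main(void)
{
    printf("empty symtab, buggy bound: %ld\n", read_with_bound(0, upper_bound_buggy));
    printf("empty symtab, fixed bound: %ld\n", read_with_bound(0, upper_bound_fixed));
    printf("3 entries,    buggy bound: %ld\n", read_with_bound(3 * SIZEOF_ELF_SYM, upper_bound_buggy));
    return 0;
}
```

With sh_size == 0 the buggy bound returns 0 bytes, the reader still tries to store the terminating NULL, and the example reports -1 where the real code would write past the allocation; the fixed bound reserves one slot and the read completes. For any non-empty table both bounds agree, which is why the problem only shows up on a file with an empty symbol table.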

