This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: An memory over bounds access in pe_dll.c


On 15 September 2006 11:18, Kai Tietz wrote:

> I found a memory violation in the function "make_singleton_name_thunk" of
> pe_dll.c file. There is allocated a heap buffer of 4 bytes and afterwards
> memset this pointer with length of 8 bytes,
> 
> --- src/ld/pe-dll.c     2006-08-21 10:12:46.000000000 +0200
> +++ src_n/ld/pe-dll.c   2006-09-15 12:07:39.000000000 +0200
> @@ -2036,7 +2036,7 @@
>    quick_symbol (abfd, U ("_nm_"), import, "", UNDSEC, BSF_GLOBAL, 0);
> 
>    bfd_set_section_size (abfd, id4, 8);
> -  d4 = xmalloc (4);
> +  d4 = xmalloc (8);
>    id4->contents = d4;
>    memset (d4, 0, 8);
>    quick_reloc (abfd, 0, BFD_RELOC_RVA, 2);
> 

  Ouch!  Good catch.  But, it would be better to make a #define to replace
/all/ the hard-coded constant 8s in that section.

> PS: This piece of code brought me to the question, why this thunk gets an
> empty one plus ?

  Huh?  Empty one of what?  Plus what?  I don't get what you're asking.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]