This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
RE: An memory over bounds access in pe_dll.c
- From: "Dave Korn" <dave dot korn at artimi dot com>
- To: "'Kai Tietz'" <Kai dot Tietz at onevision dot com>, <binutils at sourceware dot org>
- Date: Fri, 15 Sep 2006 12:39:59 +0100
- Subject: RE: An memory over bounds access in pe_dll.c
On 15 September 2006 11:18, Kai Tietz wrote:
> I found a memory violation in the function "make_singleton_name_thunk" of
> the pe_dll.c file. A heap buffer of 4 bytes is allocated, and afterwards
> this pointer is memset with a length of 8 bytes.
>
> --- src/ld/pe-dll.c 2006-08-21 10:12:46.000000000 +0200
> +++ src_n/ld/pe-dll.c 2006-09-15 12:07:39.000000000 +0200
> @@ -2036,7 +2036,7 @@
> quick_symbol (abfd, U ("_nm_"), import, "", UNDSEC, BSF_GLOBAL, 0);
>
> bfd_set_section_size (abfd, id4, 8);
> - d4 = xmalloc (4);
> + d4 = xmalloc (8);
> id4->contents = d4;
> memset (d4, 0, 8);
> quick_reloc (abfd, 0, BFD_RELOC_RVA, 2);
>
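Review bot: the one-line change makes the allocation match the memset length, but the size 8 is still written as three separate literals in the visible lines (`bfd_set_section_size (abfd, id4, 8);`, `d4 = xmalloc (8);`, `memset (d4, 0, 8);`), so the same mismatch can reappear the next time one of them is edited. Define the thunk size once and use that name in all three places, or derive the allocation and memset length from the section size, so that a single edit keeps them consistent.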
Ouch! Good catch. But it would be better to make a #define to replace
/all/ the hard-coded constant 8s in that section.
> PS: This piece of code brought me to the question, why does this thunk get an
> empty one plus?
Huh? Empty one of what? Plus what? I don't get what you're asking.
cheers,
DaveK
--
Can't think of a witty .sigline today....
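As an added illustration of the fix being discussed (this is example code written for this page, not binutils' pe-dll.c), the sketch below rebuilds the thunk construction in miniature with the section size, the allocation and the memset all tied to one named constant, which is what the "#define to replace all the hard-coded 8s" suggestion amounts to. The `struct section` stand-in, the function names and the layout assumed here (one 4-byte RVA entry followed by a 4-byte zero terminator, which is how the 8 bytes are modelled) are assumptions for the example, not taken from the binutils sources.

```c
/* Added example, not binutils code: a miniature of make_singleton_name_thunk
   in which every size comes from NAME_THUNK_SIZE, so the allocation, the
   section size and the memset length cannot drift apart as they did when
   the allocation was a separate literal 4. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_THUNK_ENTRY_SIZE 4                        /* one PE32 RVA entry (assumed layout) */
#define NAME_THUNK_SIZE (2 * NAME_THUNK_ENTRY_SIZE)    /* entry + zero terminator */

/* Stand-in for a BFD section: only the two fields the thunk code touches. */
struct section {
    size_t size;
    unsigned char *contents;
};

/* Build the thunk: allocate exactly NAME_THUNK_SIZE bytes, zero all of them
   with the same constant, then store the little-endian RVA of the hint/name
   entry in the first slot.  Returns the number of bytes allocated, 0 on
   allocation failure. */
size_t make_singleton_name_thunk(struct section *id4, uint32_t name_rva)
{
    unsigned char *d4 = malloc(NAME_THUNK_SIZE);
    if (d4 == NULL)
        return 0;
    memset(d4, 0, NAME_THUNK_SIZE);   /* same constant as the allocation */
    for (int i = 0; i < NAME_THUNK_ENTRY_SIZE; i++)
        d4[i] = (unsigned char)(name_rva >> (8 * i));
    id4->size = NAME_THUNK_SIZE;
    id4->contents = d4;
    return NAME_THUNK_SIZE;
}

/* Read back the RVA stored in the first entry (little-endian). */
uint32_t thunk_entry_rva(const struct section *id4)
{
    uint32_t rva = 0;
    for (int i = 0; i < NAME_THUNK_ENTRY_SIZE; i++)
        rva |= (uint32_t)id4->contents[i] << (8 * i);
    return rva;
}

/* Consistency check a reviewer might add: the section size must match what
   was actually allocated, and every byte after the single entry must be the
   zero terminator. */
int thunk_is_well_formed(const struct section *id4, size_t allocated)
{
    if (id4->size != allocated || allocated != NAME_THUNK_SIZE)
        return 0;
    for (size_t i = NAME_THUNK_ENTRY_SIZE; i < NAME_THUNK_SIZE; i++)
        if (id4->contents[i] != 0)
            return 0;
    return 1;
}

/* Round trip on a constructed RVA value; returns 1 when the thunk is built
   with the expected size, terminator and entry. */
int demo_thunk_roundtrip(void)
{
    struct section id4 = { 0, NULL };
    size_t n = make_singleton_name_thunk(&id4, 0x00003000u);   /* constructed sample RVA */
    int ok = n == NAME_THUNK_SIZE
          && thunk_is_well_formed(&id4, n)
          && thunk_entry_rva(&id4) == 0x00003000u;
    free(id4.contents);
    return ok;
}

int main(void)
{
    printf("thunk size %d bytes, round trip %s\n",
           (int)NAME_THUNK_SIZE, demo_thunk_roundtrip() ? "ok" : "FAILED");
    return 0;
}
```

With the original shape (a literal 4 in the allocation next to a literal 8 in the memset) the overflow is silent in a normal build; the same code run under AddressSanitizer or Valgrind reports the 4-byte heap write past the allocation at the memset, which is the cheapest way to catch this class of size mismatch in a linker test suite.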