This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
RE: An memory over bounds access in pe_dll.c
- From: Kai Tietz <Kai dot Tietz at onevision dot com>
- To: "Dave Korn" <dave dot korn at artimi dot com>
- Cc: binutils at sourceware dot org
- Date: Fri, 15 Sep 2006 13:52:37 +0200
- Subject: RE: An memory over bounds access in pe_dll.c
Hallo Dave,
I meant by an empty one the fact, that the idata4 element (called thumb)
has under i(3456)86 PE a size of 4 bytes. Therefore, if there are stored 8
bytes - as it is - it means there is an additional empty (zero) thumb
present.
In the patch for PE+ for x86_64 I modified this code to the size of one
thumb element and I didn't found any problems for PE. In my pending patch,
I replaced the IDATA4 and IDATA5 sizes by constances, because it is ugly
to read.
Regards,
i.A. Kai Tietz
PS: Under the x86_64 target one thumb element gets really the size of 8
bytes.
"Dave Korn" <dave.korn@artimi.com>
15.09.2006 13:42
To
"'Kai Tietz'" <Kai.Tietz@onevision.com>, <binutils@sourceware.org>
cc
Subject
RE: An memory over bounds access in pe_dll.c
On 15 September 2006 11:18, Kai Tietz wrote:
> I found a memory violation in the function "make_singleton_name_thunk"
of
> pe_dll.c file. There is allocated a heap buffer of 4 bytes and
afterwards
> memset this pointer with length of 8 bytes,
>
> --- src/ld/pe-dll.c 2006-08-21 10:12:46.000000000 +0200
> +++ src_n/ld/pe-dll.c 2006-09-15 12:07:39.000000000 +0200
> @@ -2036,7 +2036,7 @@
> quick_symbol (abfd, U ("_nm_"), import, "", UNDSEC, BSF_GLOBAL, 0);
>
> bfd_set_section_size (abfd, id4, 8);
> - d4 = xmalloc (4);
> + d4 = xmalloc (8);
> id4->contents = d4;
> memset (d4, 0, 8);
> quick_reloc (abfd, 0, BFD_RELOC_RVA, 2);
>
Ouch! Good catch. But, it would be better to make a #define to replace
/all/ the hard-coded constant 8s in that section.
> PS: This piece of code brought me to the question, why this thunk gets
an
> empty one plus ?
Huh? Empty one of what? Plus what? I don't get what you're asking.
cheers,
DaveK
--
Can't think of a witty .sigline today....