This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: [PATCH] null ptr deref


Hi Joseph, Hi Michael,

msnyder@sonic.net wrote:
> If out_list can be null, then we'll crash when we dereference it
> on the next loop iteration.  If it can't, then why test it?
>
> I don't know if I've chosen the best way to deal with it if it is
> null -- open to suggestions.

There appear to be several more problems with _bfd_elf_merge_object_attributes, in addition to the one that Michael found:


* out_list is set to the object attribute list from the input bfd not the output bfd.

* in_list->tag is examined after setting "in_list = in_list->next" without checking to see if in_list is NULL.

* in_attr->s is used to check for extra tags in the output list when it might actually be set to NULL.

Joseph - I am attaching a tidy-up and fix-up of elf-attrs.c. If you think that it is OK, please could you check it in. In addition to attempting to fix the bugs above, and the problem Michael found, I have also tried to use #defined constants in the place of numeric constants in order to make the code easier to read. There were several places however where the number 4 was used and I could not work out how this number was derived. Possibly it was meant to be one more than Tag_Symbol, but I was not sure. If you could find a way of replacing 4 with a more meaningful string that would be great.

Cheers
  Nick


Attachment: elf-attrs.patch.bz2
Description: BZip2 compressed data
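
The three pointer mistakes listed in the message above, avoided in one sorted-list merge. This is an added sketch, not the binutils code and not the attached patch; `struct attr_node`, `same_string`, `merge_attr_lists` and `attr_count` are hypothetical names, and the real BFD structures are assumed to be more involved.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified attribute node; not the real BFD structure. */
struct attr_node {
    int tag;
    const char *s;              /* string value, may be NULL */
    struct attr_node *next;     /* list is kept sorted by tag */
};

/* Compare two string values where either one may be NULL. */
static int same_string(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Merge in_list into the list at *out_head.
   Returns 0 on success, -1 on a conflicting value or allocation failure. */
int merge_attr_lists(struct attr_node **out_head, const struct attr_node *in_list)
{
    struct attr_node **link = out_head;     /* cursor into the OUTPUT list */

    while (in_list != NULL) {               /* re-tested after every advance */
        while (*link != NULL && (*link)->tag < in_list->tag)
            link = &(*link)->next;          /* *link tested before ->tag is read */

        if (*link == NULL || (*link)->tag > in_list->tag) {
            struct attr_node *n = malloc(sizeof *n);
            if (n == NULL)
                return -1;
            n->tag = in_list->tag;
            n->s = in_list->s;
            n->next = *link;
            *link = n;                      /* tag missing from output: insert */
        } else if (!same_string((*link)->s, in_list->s)) {
            return -1;                      /* same tag, different value */
        }
        in_list = in_list->next;            /* may now be NULL */
    }
    return 0;
}

/* Count nodes; used to check the merge result. */
int attr_count(const struct attr_node *n)
{
    int count = 0;
    for (; n != NULL; n = n->next)
        count++;
    return count;
}
```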

