This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: [RFA:] Fix PR14481 for almost all a.out-targets
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Hans-Peter Nilsson <hans-peter dot nilsson at axis dot com>
- Cc: binutils at sourceware dot org
- Date: Tue, 6 Nov 2012 22:18:14 -0800
- Subject: Re: [RFA:] Fix PR14481 for almost all a.out-targets
- References: <201211070512.qA75CKih028694@ignucius.se.axis.com>
On Tue, Nov 6, 2012 at 9:12 PM, Hans-Peter Nilsson
<hans-peter.nilsson@axis.com> wrote:
>
> There's also exposed what seems to be some *actual* binutils bugs:
>
> Running /home/hp/binutils/src/binutils/testsuite/binutils-all/objcopy.exp ...
> Version /home/hp/binutils/obj/l/binutils/objcopy 2.23.51.20121106
> FAIL: objcopy -i --interleave-width
> Running /home/hp/binutils/src/binutils/testsuite/binutils-all/objdump.exp ...
> Version /home/hp/binutils/obj/l/binutils/objdump 2.23.51.20121106
> FAIL: objdump -W
> FAIL: objdump -WL
>
> In binutils.log, for "FAIL: objcopy -i --interleave-width":
> ==6873== Invalid read of size 1
> ==6873== at 0x804C958: copy_section (objcopy.c:2826)
> ==6873== by 0x8077D3B: bfd_map_over_sections (section.c:1329)
> ==6873== by 0x804B042: copy_object (objcopy.c:1935)
> ==6873== by 0x804C31A: copy_file (objcopy.c:2346)
> ==6873== by 0x804E1C1: main (objcopy.c:4051)
> ==6873== Address 0x402d011 is 0 bytes after a block of size 9 alloc'd
> ==6873== at 0x4006AEE: malloc (vg_replace_malloc.c:207)
> ==6873== by 0x8076146: bfd_malloc (libbfd.c:183)
> ==6873== by 0x808659F: bfd_get_full_section_contents (compress.c:181)
> ==6873== by 0x804C847: copy_section (objcopy.c:2783)
> ==6873== by 0x8077D3B: bfd_map_over_sections (section.c:1329)
> ==6873== by 0x804B042: copy_object (objcopy.c:1935)
> ==6873== by 0x804C31A: copy_file (objcopy.c:2346)
> ==6873== by 0x804E1C1: main (objcopy.c:4051)
> (repeated once)
>
I checked in this as an obvious fix.
--
H.J.
---
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 84ea185..688d569 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,7 @@
+2012-11-07 H.J. Lu <hongjiu.lu@intel.com>
+
+ * objcopy.c (copy_section): Don't read beyond section end.
+
2012-11-06 H.J. Lu <hongjiu.lu@intel.com>
PR binutils/14567
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index f44ebcd..4860864 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -2823,7 +2823,11 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
for (; from < end; from += interleave)
for (i = 0; i < copy_width; i++)
- *to++ = from[i];
+ {
+ if (&from[i] >= end)
+ break;
+ *to++ = from[i];
+ }
size = (size + interleave - 1 - copy_byte) / interleave * copy_width;
osection->lma /= interleave;
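
Review bot: when the new `if (&from[i] >= end) break;` check fires in the inner loop, the final group stores fewer than copy_width bytes through `to`, but the context line after the loop, `size = (size + interleave - 1 - copy_byte) / interleave * copy_width;`, still counts a full copy_width for every group. The over-read reported by valgrind is gone, but the resulting size can be larger than the number of bytes actually written, so the tail of the output section would carry whatever was already in the buffer at those positions. Consider deriving size from how far `to` advanced, or adjusting the size formula for a short last group, so the two stay in agreement. As a smaller style point, the bound could live in the loop condition (`i < copy_width && from + i < end`), which avoids the extra braces and the break. A test case with a section length that is not a multiple of the interleave, checking the output length and contents, would pin down the intended behaviour for the truncated group.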