This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: [RFC] Fix PR 16910: Relocate symbol correctly if it is wrapped
- From: Yao Qi <yao at codesourcery dot com>
- To: <binutils at sourceware dot org>
- Cc: <amodra at gmail dot com>
- Date: Wed, 11 Jun 2014 14:57:11 +0800
- Subject: Re: [RFC] Fix PR 16910: Relocate symbol correctly if it is wrapped
- Authentication-results: sourceware.org; auth=none
- References: <1399541408-12698-1-git-send-email-yao at codesourcery dot com> <20140509040512 dot GG5162 at bubble dot grove dot modra dot org> <536C88E2 dot 4000509 at codesourcery dot com> <53964D23 dot 8050101 at mentor dot com> <20140610133632 dot GP5592 at bubble dot grove dot modra dot org>
Alan,
Thanks for your patch. A question below,
On 06/10/2014 09:36 PM, Alan Modra wrote:
> + if (*l == bfd_get_symbol_leading_char (input_bfd)
> + || *l == info->wrap_char)
> + ++l; <-------- [1]
> +
> + if (CONST_STRNEQ (l, WRAP))
> + {
> + l += sizeof WRAP - 1;
> +
> + if (bfd_hash_lookup (info->wrap_hash, l, FALSE, FALSE) != NULL)
> + {
> + char save = 0;
> + if (l - sizeof WRAP - 1 != h->root.string)
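Review bot: the test `if (l - sizeof WRAP - 1 != h->root.string)` on the last quoted line does not reverse the `l += sizeof WRAP - 1` advance a few lines above it. C parses the expression as `(l - sizeof WRAP) - 1`, which points two characters before where `l` stood prior to the advance, so it cannot equal `h->root.string` whether or not the `++l` at [1] ran. If the intent is to detect that the leading character was skipped, parenthesise the length, `l - (sizeof WRAP - 1) != h->root.string`, and consider computing that length once so the advance and the comparison cannot drift apart.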
This is always true, because 'l' is incremented by either
'sizeof WRAP - 1' or 'sizeof WRAP'. This causes 'l' to be set incorrectly,
and 'h' is NULL afterwards. It causes a segmentation
fault in the caller of this function.
What you meant probably is "l - sizeof WRAP + 1 != h->root.string",
in order to check whether 'l' is incremented in [1] or not.
--
Yao (齐尧)