This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.
[RFA] Fix memory corruption bug in mdebugread.c
- From: Fred Fish <fnf at fred dot ninemoons dot com>
- To: gdb-patches at sources dot redhat dot com
- Cc: fnf at redhat dot com
- Date: Wed, 23 Jan 2002 17:03:27 -0700 (MST)
- Subject: [RFA] Fix memory corruption bug in mdebugread.c
- Reply-to: fnf at redhat dot com
The code to handle stabs continuation in mdebugread.c incorrectly
attempts to overwrite memory returned by realloc with the original
contents of the memory passed to realloc. This is wrong for two
reasons; first realloc will do any copying needed if the string is
moved, and second, the copy at the old location may be corrupted by
the time realloc returns a pointer to the new location.
This patch fixes the problem.
-Fred
2002-01-23 Fred Fish <fnf@redhat.com>
* mdebugread.c (parse_partial_symbols): Only copy stabstring1 to
stabstring on initial malloc. Reallocing will copy it for us,
if necessary.
Index: mdebugread.c
===================================================================
RCS file: /cvs/src/src/gdb/mdebugread.c,v
retrieving revision 1.22
diff -c -p -r1.22 mdebugread.c
*** mdebugread.c 2002/01/20 19:42:04 1.22
--- mdebugread.c 2002/01/24 00:02:24
*************** parse_partial_symbols (struct objfile *o
*** 2707,2714 ****
&& stabstring != debug_info->ss + fh->issBase + sh.iss)
stabstring = xrealloc (stabstring, len + len2 + 1);
else
! stabstring = xmalloc (len + len2 + 1);
! strcpy (stabstring, stabstring1);
strcpy (stabstring + len, stabstring2);
len += len2;
}
--- 2707,2716 ----
&& stabstring != debug_info->ss + fh->issBase + sh.iss)
stabstring = xrealloc (stabstring, len + len2 + 1);
else
! {
! stabstring = xmalloc (len + len2 + 1);
! strcpy (stabstring, stabstring1);
! }
strcpy (stabstring + len, stabstring2);
len += len2;
}
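Review bot: On the xrealloc branch, stabstring1 is left as it was, so if it held the old value of stabstring it is stale once xrealloc returns; please confirm nothing later in the loop reads through it before it is reassigned. In the new else block, a one-line comment stating that the strcpy of stabstring1 belongs only to the first allocation, because xrealloc already preserves the existing contents, would keep the unconditional copy from being reintroduced.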
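The growth pattern the message describes, as an added stand-alone example that is not part of the original post or of GDB's code: the initial piece is copied only when the string first moves from borrowed storage to the heap, and later pieces rely on realloc to preserve the contents. The helper names `append_piece` and `join_demo`, plain malloc/realloc in place of xmalloc/xrealloc, and the sample strings are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not GDB code): append `piece` to the string *buf of
   length *len.  `borrowed` is the storage the string started in; while *buf
   still equals it, the buffer is not heap-owned and cannot be realloc'ed. */
static int append_piece(char **buf, size_t *len, const char *borrowed,
                        const char *piece)
{
    size_t len2 = strlen(piece);
    char *p;

    if (*buf != borrowed) {
        /* Heap-owned already: realloc keeps the first *len bytes intact.
           The old pointer must not be read once realloc has succeeded. */
        p = realloc(*buf, *len + len2 + 1);
        if (p == NULL)
            return -1;              /* *buf is still valid on failure */
    } else {
        /* First continuation: allocate, then copy the initial piece once. */
        p = malloc(*len + len2 + 1);
        if (p == NULL)
            return -1;
        memcpy(p, borrowed, *len);
    }
    memcpy(p + *len, piece, len2 + 1);  /* copies the terminating NUL too */
    *buf = p;
    *len += len2;
    return 0;
}

/* Joins three constructed pieces; the caller frees the result. */
static char *join_demo(void)
{
    static const char first[] = "foo:T1=s8a:";   /* constructed sample */
    char *s = (char *)first;
    size_t len = strlen(first);

    if (append_piece(&s, &len, first, "(0,1),0,32;") != 0)
        return NULL;                /* s still points at borrowed storage */
    if (append_piece(&s, &len, first, "b:(0,1),32,32;;") != 0) {
        free(s);                    /* s is heap-owned after the first call */
        return NULL;
    }
    return s;
}

int main(void)
{
    char *s = join_demo();
    int ok = s != NULL && strcmp(s, "foo:T1=s8a:(0,1),0,32;b:(0,1),32,32;;") == 0;
    free(s);
    return ok ? 0 : 1;
}
```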