[Bug ld/5788] New: Linker memory corruption
From: hjl dot tools at gmail dot com
Subject: [Bug ld/5788] New: Linker memory corruption
Date: 22 Feb 2008 23:31:04 -0000
This patch
http://sourceware.org/ml/binutils/2007-02/msg00006.html
causes a serious memory corruption in the linker. There are 2 problems in
elf_create_symbuf:
  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
			+ (indbufend - indbuf) * sizeof (*ssymbuf));
  if (ssymbuf == NULL)
    {
      free (indbuf);
      return NULL;
    }

  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
  ssymbuf->ssym = NULL;
  ssymbuf->count = shndx_count;
  ssymbuf->st_shndx = 0;
1. Only one combined buffer is allocated for both ssymbuf and ssym,
but it is wrong to assume that the size of ssym is the same as the
size of ssymbuf.
2. There are shndx_count + 1 entries in ssymbuf, so ssym should
start at ssymbuf + shndx_count + 1, not ssymbuf + shndx_count,
since the first entry is for shndx_count.
--
Summary: Linker memory corruption
Product: binutils
Version: 2.19 (HEAD)
Status: NEW
Severity: critical
Priority: P1
Component: ld
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: hjl dot tools at gmail dot com
CC: bug-binutils at gnu dot org,jakub at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=5788
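As an added illustration (not code from the bug report or from binutils), the stand-in structs below are an assumed layout whose only relevant property is that the two struct sizes differ; the first allocator reproduces the two sizing mistakes the report describes, the second applies the sizing the report implies, and symbuf_layout_ok is the check a reviewer could run to confirm that the symbol array neither overlaps the head entries nor runs past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for the two binutils structs (assumed layout, not copied from
   elflink.c); all that matters here is that their sizes differ. */
struct symbuf_symbol { uint64_t st_value, st_size; uint32_t st_name, st_shndx; uint8_t st_info, st_other; };
struct symbuf_head { struct symbuf_symbol *ssym; size_t count; unsigned int st_shndx; };

struct symbuf_alloc {
    struct symbuf_head *heads;  /* heads[0] stores the count, heads[1..count] follow */
    struct symbuf_symbol *syms; /* symbol array that must sit after all head entries */
    size_t nsyms, bytes;        /* number of symbols, total allocation size */
};

/* Layout as written in the reported code: both regions sized with
   sizeof(head), and syms placed at heads + shndx_count, one entry too early. */
int symbuf_alloc_reported(struct symbuf_alloc *a, size_t shndx_count, size_t nsyms)
{
    a->nsyms = nsyms;
    a->bytes = (shndx_count + 1) * sizeof(*a->heads) + nsyms * sizeof(*a->heads);
    a->heads = malloc(a->bytes);
    if (a->heads == NULL) return -1;
    a->syms = (struct symbuf_symbol *)(a->heads + shndx_count);
    *a->heads = (struct symbuf_head){ NULL, shndx_count, 0 };
    return 0;
}

/* The sizing the report implies: symbols sized with sizeof(*syms) and
   placed after all shndx_count + 1 head entries. */
int symbuf_alloc_fixed(struct symbuf_alloc *a, size_t shndx_count, size_t nsyms)
{
    a->nsyms = nsyms;
    a->bytes = (shndx_count + 1) * sizeof(*a->heads) + nsyms * sizeof(*a->syms);
    a->heads = malloc(a->bytes);
    if (a->heads == NULL) return -1;
    a->syms = (struct symbuf_symbol *)(a->heads + shndx_count + 1);
    *a->heads = (struct symbuf_head){ NULL, shndx_count, 0 };
    return 0;
}

/* Returns 1 when the symbol array neither overlaps the head entries nor
   runs past the end of the allocation; all arithmetic is on byte offsets. */
int symbuf_layout_ok(const struct symbuf_alloc *a)
{
    size_t heads_end = (a->heads->count + 1) * sizeof(*a->heads);
    size_t syms_off = (size_t)((const char *)a->syms - (const char *)a->heads);
    size_t syms_end = syms_off + a->nsyms * sizeof(*a->syms);
    return syms_off >= heads_end && syms_end <= a->bytes;
}
```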