
[Bug ld/5788] New: Linker memory corruption

From: hjl dot tools at gmail dot com
Subject: [Bug ld/5788] New: Linker memory corruption
Date: 22 Feb 2008 23:31:04 -0000

This patch


causes a serious memory corruption in the linker. There are 2 problems in

  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
                        + (indbufend - indbuf) * sizeof (*ssymbuf));
  if (ssymbuf == NULL)
    {
      free (indbuf);
      return NULL;
    }

  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
  ssymbuf->ssym = NULL;
  ssymbuf->count = shndx_count;
  ssymbuf->st_shndx = 0;

1. Only one combined buffer is allocated for both ssymbuf and ssym.
But it is wrong to assume that the size of ssym is the same as that of
ssymbuf.
2. There are shndx_count + 1 entries in ssymbuf. ssym should
start at ssymbuf + shndx_count + 1, not ssymbuf + shndx_count,
since the first entry is for shndx_count.

           Summary: Linker memory corruption
           Product: binutils
           Version: 2.19 (HEAD)
            Status: NEW
          Severity: critical
          Priority: P1
         Component: ld
        AssignedTo: unassigned at sources dot redhat dot com
        ReportedBy: hjl dot tools at gmail dot com
                CC: bug-binutils at gnu dot org,jakub at redhat dot com


------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
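The following is an added illustration of the two layout problems described in the report above; it is not part of the report and not binutils code. The struct definitions are simplified stand-ins modeled on the shapes the report implies (a head array followed by a symbol array in one combined allocation), and the function names are the example's own. check_layout() applies the report's arithmetic to arbitrary element sizes so that problem 1 (sizing the symbol part with the wrong sizeof) shows up on any platform, and heads_clobbered() allocates a real buffer and shows problem 2 (placing ssym at ssymbuf + shndx_count instead of ssymbuf + shndx_count + 1) overwriting the last head entry.

```c
/* Added example: combined head+symbol buffer layout, buggy vs corrected.
   The structs are modeled stand-ins, not the binutils definitions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sym_entry {          /* stands in for struct elf_symbuf_symbol */
    unsigned long st_name;
    unsigned long st_size;
    unsigned char st_info;
    unsigned char st_other;
};

struct sym_head {           /* stands in for struct elf_symbuf_head */
    struct sym_entry *ssym;
    size_t count;
    unsigned int st_shndx;
};

/* Pure arithmetic check of the report's layout for arbitrary element sizes.
   buggy=1 reproduces the report's formulas, buggy=0 the corrected ones.
   Returns a bitmask: 1 = symbols overlap the head array,
                      2 = symbols run past the end of the allocation. */
int check_layout(size_t head_size, size_t sym_size,
                 size_t shndx_count, size_t nsyms, int buggy)
{
    /* Problem 1: the buggy size uses head_size for the symbol part. */
    size_t alloc = (shndx_count + 1) * head_size
                 + nsyms * (buggy ? head_size : sym_size);
    size_t heads_end = (shndx_count + 1) * head_size;
    /* Problem 2: the buggy start skips only shndx_count heads, not +1. */
    size_t sym_start = (buggy ? shndx_count : shndx_count + 1) * head_size;
    size_t sym_end = sym_start + nsyms * sym_size;
    int flags = 0;
    if (nsyms > 0 && sym_start < heads_end) flags |= 1;
    if (sym_end > alloc) flags |= 2;
    return flags;
}

/* Build the combined buffer with the real structs, fill every head, then
   fill every symbol, and report whether the heads survived (1) or not (0).
   The allocation always uses the corrected size so this demo stays in
   bounds; only the ssym placement follows the buggy or corrected formula.
   Returns -1 on allocation failure. */
int heads_clobbered(size_t shndx_count, size_t nsyms, int buggy)
{
    size_t nheads = shndx_count + 1;
    size_t bytes = nheads * sizeof(struct sym_head)
                 + nsyms * sizeof(struct sym_entry);
    struct sym_head *ssymbuf = calloc(1, bytes);
    struct sym_head *snap = malloc(nheads * sizeof *snap);
    if (ssymbuf == NULL || snap == NULL) {
        free(ssymbuf);
        free(snap);
        return -1;
    }
    struct sym_entry *ssym =
        (struct sym_entry *)(ssymbuf + (buggy ? shndx_count : shndx_count + 1));

    ssymbuf[0].ssym = NULL;             /* leading entry carries the count */
    ssymbuf[0].count = shndx_count;
    ssymbuf[0].st_shndx = 0;
    for (size_t i = 1; i <= shndx_count; i++) {
        ssymbuf[i].ssym = ssym;
        ssymbuf[i].count = nsyms;
        ssymbuf[i].st_shndx = (unsigned int)i;
    }
    memcpy(snap, ssymbuf, nheads * sizeof *snap);

    /* Constructed symbol data; with the buggy placement the first entry
       lands on top of ssymbuf[shndx_count]. */
    for (size_t j = 0; j < nsyms; j++) {
        ssym[j].st_name = 0x1000 + j;
        ssym[j].st_size = 4;
        ssym[j].st_info = 0;
        ssym[j].st_other = 0;
    }
    int clobbered = memcmp(snap, ssymbuf, nheads * sizeof *snap) != 0;
    free(snap);
    free(ssymbuf);
    return clobbered;
}

int main(void)
{
    printf("buggy layout, equal sizes: flags=%d\n",
           check_layout(24, 24, 3, 10, 1));
    printf("buggy layout, sym larger than head: flags=%d\n",
           check_layout(24, 32, 3, 10, 1));
    printf("heads clobbered (buggy placement): %d\n", heads_clobbered(3, 10, 1));
    printf("heads clobbered (corrected placement): %d\n", heads_clobbered(3, 10, 0));
    return 0;
}
```

With equal element sizes the buggy formulas never run past the allocation, which is why the corruption surfaces as a silently overwritten head entry rather than an allocator crash; only when the symbol element is larger than the head element does the under-sized malloc also become a heap overflow.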
