bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/6743] addr2line frees an invalid pointer


From: csilvers at google dot com
Subject: [Bug binutils/6743] addr2line frees an invalid pointer
Date: 13 Jul 2008 23:46:47 -0000

------- Additional Comments From csilvers at google dot com  2008-07-13 23:46 
-------
I've figured out the crashing bug, and can fix that.  I tried your test and it
gave a different line number than you got, but I assume that's due to build
differences.  But just to make sure, do you mind applying the following patch,
and verifying it fixes things at your end?

craig
---

Index: bfd/dwarf2.c
===================================================================
RCS file: /cvs/src/src/bfd/dwarf2.c,v
retrieving revision 1.110
diff -u -r1.110 dwarf2.c
--- bfd/dwarf2.c        11 Jul 2008 09:18:19 -0000      1.110
+++ bfd/dwarf2.c        13 Jul 2008 23:45:20 -0000
@@ -104,6 +104,12 @@
   asection *sec;
   bfd_byte *sec_info_ptr;
 
+  /* A pointer to the memory block allocated for info_ptr.  Neither
+     info_ptr nor sec_info_ptr are guaranteed to stay pointing to the
+     beginning of the malloc block.  This is used only to free the
+     memory later.  */
+  bfd_byte *info_ptr_memory;
+
   /* Pointer to the symbol table.  */
   asymbol **syms;
 
@@ -2915,8 +2921,9 @@
           total_size = msec->size;
           if (! read_section (debug_bfd, ".debug_info", ".zdebug_info",
                               symbols, 0,
-                              &stash->info_ptr, &total_size))
+                              &stash->info_ptr_memory, &total_size))
             goto done;
+          stash->info_ptr = stash->info_ptr_memory;
           stash->info_ptr_end = stash->info_ptr + total_size;
         }
       else
@@ -2931,10 +2938,11 @@
           if (all_uncompressed)
             {
               /* Case 2: multiple sections, but none is compressed.  */
-              stash->info_ptr = bfd_malloc (total_size);
-              if (stash->info_ptr == NULL)
+              stash->info_ptr_memory = bfd_malloc (total_size);
+              if (stash->info_ptr_memory == NULL)
                goto done;
 
+              stash->info_ptr = stash->info_ptr_memory;
               stash->info_ptr_end = stash->info_ptr;
 
               for (msec = find_debug_info (debug_bfd, NULL);
@@ -2963,7 +2971,8 @@
           else
             {
               /* Case 3: multiple sections, some or all compressed.  */
-              stash->info_ptr = bfd_malloc (1);
+              stash->info_ptr_memory = bfd_malloc (1);
+              stash->info_ptr = stash->info_ptr_memory;
               stash->info_ptr_end = stash->info_ptr;
               for (msec = find_debug_info (debug_bfd, NULL);
                   msec;
@@ -3292,5 +3301,5 @@
   free (stash->dwarf_abbrev_buffer);
   free (stash->dwarf_line_buffer);
   free (stash->dwarf_ranges_buffer);
-  free (stash->sec_info_ptr);
+  free (stash->info_ptr_memory);
 }


-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING


http://sourceware.org/bugzilla/show_bug.cgi?id=6743

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]