
[Bug binutils/20499] gprof: segmentation fault on invalid symbol file


From: tobias at stoeckmann dot org
Subject: [Bug binutils/20499] gprof: segmentation fault on invalid symbol file
Date: Mon, 22 Aug 2016 16:58:36 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20499

--- Comment #5 from Tobias Stoeckmann <tobias at stoeckmann dot org> ---
The buffers are secured due to their size (to be honest, I didn't even check
that when I did my review... *phew* :) ).

The actual issue arises if the parsed line does not match "%s %c %s". This
pattern fills address, type, and name in that order. If the input is merely
"x", only "address" is filled, the others are left alone.

And that is why "name" is still just an xmalloc()ed area, and the content, from
a C-perspective, undefined. Calling strlen() in such a situation could
therefore trigger a segmentation fault in very rare situations.

You can see it happening if you add a simple printf("name = %s\n", name);
statement after your PR-check. Or by debugging to that position, but I'm more
of a printf-debug person. :)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
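
An added example, not part of the original message and not gprof's own code, of the failure mode described in the comment: a line parsed with "%s %c %s" is accepted only when sscanf() reports all three conversions, so "name" is never read uninitialised. The names parse_sym_line, struct sym_line and FIELD_MAX are hypothetical, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 63   /* constructed limit; must match the %63s widths below */

struct sym_line {
    char address[FIELD_MAX + 1];
    char type;
    char name[FIELD_MAX + 1];
};

/* Parse one "address type name" line.
   Returns 0 on success, -1 if the line does not supply all three fields. */
int parse_sym_line(const char *line, struct sym_line *out)
{
    /* Zero the output so no field is ever left as indeterminate memory. */
    memset(out, 0, sizeof(*out));

    /* sscanf() returns the number of conversions it assigned. For the input
       "x" that is 1: only address is written, type and name are untouched.
       The field widths bound every write to the buffer size. */
    int matched = sscanf(line, "%63s %c %63s",
                         out->address, &out->type, out->name);
    if (matched != 3) {
        memset(out, 0, sizeof(*out));   /* discard the partial result */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed line, three malformed. */
    const char *samples[] = { "0000000000401000 T main", "x", "", "401000 T" };
    struct sym_line s;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (parse_sym_line(samples[i], &s) == 0)
            printf("ok: name=%s len=%zu\n", s.name, strlen(s.name));
        else
            printf("rejected: \"%s\"\n", samples[i]);
    }
    return 0;
}
```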

