
[Bug binutils/6743] addr2line frees an invalid pointer


From: csilvers at google dot com
Subject: [Bug binutils/6743] addr2line frees an invalid pointer
Date: 14 Jul 2008 00:12:48 -0000

------- Additional Comments From csilvers at google dot com  2008-07-14 00:12 
-------
Subject: Re:  PATCH COMMITTED: new variable for malloc

It turns out a variable I thought would always point to the beginning
of the malloc-block can actually change value.  This was causing
crashes in some cases.  I've fixed this by adding a new pointer that
always points to the malloc-location, so we can always free it safely.

I'm committing this under the "obvious fix" principle.  This is
probably the least obvious of the obvious fixes I've done so far, but
I hope it still safely falls into that category.

craig

--cut here--

2008-07-13  Craig Silverstein  <address@hidden>

        * dwarf2.c (struct dwarf2_debug): New variable info_ptr_memory.
        (find_line): Use info_ptr_memory instead of sec_info_ptr.
        (_bfd_dwarf2_cleanup_debug_info): Likewise.


Index: bfd/dwarf2.c
===================================================================
RCS file: /cvs/src/src/bfd/dwarf2.c,v
retrieving revision 1.110
diff -u -r1.110 dwarf2.c
--- bfd/dwarf2.c        11 Jul 2008 09:18:19 -0000      1.110
+++ bfd/dwarf2.c        14 Jul 2008 00:09:17 -0000
@@ -104,6 +104,12 @@
   asection *sec;
   bfd_byte *sec_info_ptr;
 
+  /* A pointer to the memory block allocated for info_ptr.  Neither
+     info_ptr nor sec_info_ptr are guaranteed to stay pointing to the
+     beginning of the malloc block.  This is used only to free the
+     memory later.  */
+  bfd_byte *info_ptr_memory;
+
   /* Pointer to the symbol table.  */
   asymbol **syms;
 
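Review bot: The new info_ptr_memory field in struct dwarf2_debug is passed to free() unconditionally in _bfd_dwarf2_cleanup_debug_info, so its comment should also state that it is NULL until find_line allocates the block. Please confirm that the stash is zero-initialised where it is created (that code is not part of this patch); otherwise cleaning up a stash that never reached the allocation frees an indeterminate pointer. The comment could also say what sec_info_ptr is used for now that it is no longer the pointer handed to free().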
@@ -2915,8 +2921,9 @@
           total_size = msec->size;
           if (! read_section (debug_bfd, ".debug_info", ".zdebug_info",
                               symbols, 0,
-                              &stash->info_ptr, &total_size))
+                              &stash->info_ptr_memory, &total_size))
             goto done;
+          stash->info_ptr = stash->info_ptr_memory;
           stash->info_ptr_end = stash->info_ptr + total_size;
         }
       else
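Review bot: At the read_section call, the buffer stored through &stash->info_ptr_memory is later handed to free() in the cleanup function, which is only correct if read_section always returns a heap block owned by the caller; a short comment at this call stating that would make the ownership explicit. On the goto done path info_ptr_memory holds whatever read_section left in it, so it is worth checking that a failed read_section leaves the out-parameter either NULL or a valid allocation.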
@@ -2931,10 +2938,11 @@
           if (all_uncompressed)
             {
               /* Case 2: multiple sections, but none is compressed.  */
-              stash->info_ptr = bfd_malloc (total_size);
-              if (stash->info_ptr == NULL)
+              stash->info_ptr_memory = bfd_malloc (total_size);
+              if (stash->info_ptr_memory == NULL)
                goto done;
 
+              stash->info_ptr = stash->info_ptr_memory;
               stash->info_ptr_end = stash->info_ptr;
 
               for (msec = find_debug_info (debug_bfd, NULL);
@@ -2963,7 +2971,8 @@
           else
             {
               /* Case 3: multiple sections, some or all compressed.  */
-              stash->info_ptr = bfd_malloc (1);
+              stash->info_ptr_memory = bfd_malloc (1);
+              stash->info_ptr = stash->info_ptr_memory;
               stash->info_ptr_end = stash->info_ptr;
               for (msec = find_debug_info (debug_bfd, NULL);
                   msec;
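Review bot: The bfd_malloc (1) result in Case 3 is assigned to info_ptr_memory and info_ptr with no NULL check, unlike Case 2, which tests info_ptr_memory == NULL and does goto done; the same check belongs here. A one-byte block also has to be grown by the loop that follows, and that code is outside this hunk: if it reallocates through stash->info_ptr, info_ptr_memory must be updated at the same point, or the free in _bfd_dwarf2_cleanup_debug_info will act on the old block.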
@@ -3292,5 +3301,5 @@
   free (stash->dwarf_abbrev_buffer);
   free (stash->dwarf_line_buffer);
   free (stash->dwarf_ranges_buffer);
-  free (stash->sec_info_ptr);
+  free (stash->info_ptr_memory);
 }
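Review bot: After free (stash->info_ptr_memory) the field keeps its old value, and info_ptr, info_ptr_end and sec_info_ptr still refer to the released block, so a second call to this cleanup function on the same stash would free the block twice. Setting stash->info_ptr_memory = NULL after the free, and clearing the derived pointers with it, makes the function safe to repeat. Since sec_info_ptr is no longer freed here, it is also worth confirming that no path still stores a separately allocated block in it.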


-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=6743
