This patch
http://sourceware.org/ml/binutils/2007-02/msg00006.html
causes a serious memory corruption in the linker. There are 2 problems in
elf_create_symbuf:
  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
			+ (indbufend - indbuf) * sizeof (*ssymbuf));
  if (ssymbuf == NULL)
    {
      free (indbuf);
      return NULL;
    }

  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
  ssymbuf->ssym = NULL;
  ssymbuf->count = shndx_count;
  ssymbuf->st_shndx = 0;
1. Only one combined buffer is allocated for both ssymbuf and ssym.
But it is wrong to assume that the size of ssym is the same as that
of ssymbuf.
2. There are shndx_count + 1 entries in ssymbuf. ssym should
start at ssymbuf + shndx_count + 1, not ssymbuf + shndx_count,
since the first entry is for shndx_count.
--
Summary: Linker memory corruption
Product: binutils
Version: 2.19 (HEAD)
Status: NEW
Severity: critical
Priority: P1
Component: ld
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: hjl dot tools at gmail dot com
CC: bug-binutils at gnu dot org,jakub at redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=5788
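The two sizing mistakes named in the report, a symbol region sized with the head's sizeof and a symbol region that starts one head too early, can be reproduced and checked without the rest of the linker. The following C program is an added example and is not binutils' code: the struct definitions are constructed stand-ins for elf_symbuf_head and elf_symbuf_symbol (their fields are assumptions; all that matters is that the two types differ in size), buggy_alloc_size mirrors the reported arithmetic, check_layout reports overlap and overrun for a proposed layout, and create_symbuf shows the corrected single-allocation construction with overflow-safe size arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for binutils' elf_symbuf_symbol / elf_symbuf_head.
   The field sets are assumptions; the only property relied on is that the
   two types have different sizes, which is what the reported sizing
   arithmetic ignored. */
struct symbuf_symbol {
  unsigned long st_name;
  unsigned char st_info;
  unsigned char st_other;
  uint32_t st_shndx;
  uint64_t st_value;
  uint64_t st_size;
};

struct symbuf_head {
  struct symbuf_symbol *ssym;
  size_t count;
  unsigned int st_shndx;
};

/* Bytes reserved by the reported code: the symbol count is multiplied by
   sizeof(*ssymbuf), the head size, instead of sizeof(*ssym). */
size_t buggy_alloc_size(size_t shndx_count, size_t nsyms)
{
  return (shndx_count + 1) * sizeof(struct symbuf_head)
         + nsyms * sizeof(struct symbuf_head);
}

/* Bytes actually needed: shndx_count + 1 heads followed by nsyms symbols. */
size_t needed_alloc_size(size_t shndx_count, size_t nsyms)
{
  return (shndx_count + 1) * sizeof(struct symbuf_head)
         + nsyms * sizeof(struct symbuf_symbol);
}

/* Problems a single-allocation layout can have; check_layout returns a mask. */
enum { LAYOUT_OVERLAPS_HEADS = 1u, LAYOUT_OVERRUNS_ALLOC = 2u };

/* nheads heads sit at the start of an alloc_bytes allocation; nsyms symbols
   are placed at head index sym_start (the reported code used shndx_count,
   the report says it must be shndx_count + 1). Flags overlap with the head
   array and overrun of the allocation. */
unsigned check_layout(size_t alloc_bytes, size_t nheads,
                      size_t sym_start, size_t nsyms)
{
  unsigned problems = 0;
  size_t heads_end = nheads * sizeof(struct symbuf_head);
  size_t sym_begin = sym_start * sizeof(struct symbuf_head);
  size_t sym_end = sym_begin + nsyms * sizeof(struct symbuf_symbol);

  if (nsyms > 0 && sym_begin < heads_end)
    problems |= LAYOUT_OVERLAPS_HEADS;
  if (sym_end > alloc_bytes)
    problems |= LAYOUT_OVERRUNS_ALLOC;
  return problems;
}

/* Corrected construction: size each region with its own element type,
   refuse sizes whose arithmetic would wrap, and start the symbol area
   after the (shndx_count + 1)-th head. The caller frees the result. */
struct symbuf_head *create_symbuf(size_t shndx_count, size_t nsyms)
{
  if (shndx_count > SIZE_MAX / sizeof(struct symbuf_head) - 1)
    return NULL;
  size_t head_bytes = (shndx_count + 1) * sizeof(struct symbuf_head);
  if (nsyms > (SIZE_MAX - head_bytes) / sizeof(struct symbuf_symbol))
    return NULL;
  size_t nbytes = head_bytes + nsyms * sizeof(struct symbuf_symbol);

  struct symbuf_head *ssymbuf = calloc(1, nbytes);
  if (ssymbuf == NULL)
    return NULL;

  /* Head 0 is the summary entry; shndx_count per-section heads follow it,
     and the symbol area begins only after the last of them. */
  ssymbuf->ssym = (struct symbuf_symbol *) (ssymbuf + shndx_count + 1);
  ssymbuf->count = shndx_count;
  ssymbuf->st_shndx = 0;
  return ssymbuf;
}

int main(void)
{
  size_t shndx_count = 3, nsyms = 10;   /* constructed sample sizes */
  printf("buggy size %zu, needed size %zu, buggy layout problems: %u\n",
         buggy_alloc_size(shndx_count, nsyms),
         needed_alloc_size(shndx_count, nsyms),
         check_layout(buggy_alloc_size(shndx_count, nsyms),
                      shndx_count + 1, shndx_count, nsyms));
  struct symbuf_head *b = create_symbuf(shndx_count, nsyms);
  free(b);
  return 0;
}
```

check_layout separates the two defects: passing the reported allocation size with a symbol start of shndx_count reports both overlap and overrun, passing the correct size with the same start still reports the overlap, and only the corrected size together with a start of shndx_count + 1 is clean. The overflow guards in create_symbuf are the part a reviewer should expect in any "one buffer for two arrays" allocation, since a wrapped size silently produces an undersized block.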
bug-binutils mailing list
http://lists.gnu.org/mailman/listinfo/bug-binutils