* PATCH for bfd in binutils-2.9.1/gdb-4.17
From: Manfred Hollstein @ 1999-02-23 8:18 UTC
To: ian; +Cc: bfd, gdb-patches
This small patch fixes a bug I observed while running gdb-4.17
on a mips-sgi-irix5.3 system. Since the debuggee's debug info
was larger than the system's virtual memory was able to provide,
the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
got executed, which in turn tries to clean up allocated memory.
Unfortunately, it's simply checking probably uninitialized
memory to decide whether it should.
Later,
manfred
bfd/ChangeLog:
1999-02-23 Manfred Hollstein <manfred@s-direktnet.de>
* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Ensure only actually
allocated members will be free'ed at error_return.
diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el binutils-2.9.1.orig/bfd/elf32-mips.c binutils-2.9.1/bfd/elf32-mips.c
--- binutils-2.9.1.orig/bfd/elf32-mips.c Fri May 1 17:48:09 1998
+++ binutils-2.9.1/bfd/elf32-mips.c Tue Feb 23 16:27:52 1999
@@ -2904,6 +2904,20 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
+ /* Ensure only actually allocated members will be free'ed at
+ error_return. */
+ debug->line = NULL;
+ debug->external_dnr = NULL;
+ debug->external_pdr = NULL;
+ debug->external_sym = NULL;
+ debug->external_opt = NULL;
+ debug->external_aux = NULL;
+ debug->ss = NULL;
+ debug->ssext = NULL;
+ debug->external_fdr = NULL;
+ debug->external_rfd = NULL;
+ debug->external_ext = NULL;
+
ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
if (ext_hdr == NULL && swap->external_hdr_size != 0)
goto error_return;
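Review bot: the eleven `debug->... = NULL;` stores are a hand-maintained copy of whatever error_return frees, and nothing in the hunk ties the two lists together. The placement itself is right, since the stores sit ahead of the `goto error_return` that follows the ext_hdr allocation, but a member freed at error_return and missing from this list would still be read uninitialized. Extend the comment to say the list must mirror the frees at error_return. Also confirm that callers never pass a debug structure whose members already point at allocated memory, because these stores would then drop those pointers without freeing them.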
* PATCH: fix uninitialized memory reads in bfd/elf32-mips.c
From: Manfred Hollstein @ 1999-04-14 9:08 UTC
To: bug-gdb; +Cc: bfd, gdb-patches
Hi,
I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
as it is still present in gdb-4.18, I'm re-posting a patch.
manfred
On Tue, 23 February 1999, 17:20:23, manfred@s-direktnet.de wrote:
> This small patch fixes a bug I observed while running gdb-4.17
> on a mips-sgi-irix5.3 system. Since the debuggee's debug info
> was larger than the system's virtual memory was able to provide,
> the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
> got executed, which in turn tries to clean up allocated memory.
> Unfortunately, it's simply checking probably uninitialized
> memory to decide whether it should.
1999-04-14 Manfred Hollstein <mhollstein@cygnus.com>
* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
fields to 0 which may cause erroneous calls to free when
"goto error_return" is executed.
diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el gdb-4.18.orig/bfd/elf32-mips.c gdb-4.18/bfd/elf32-mips.c
--- gdb-4.18.orig/bfd/elf32-mips.c Wed Apr 7 22:57:07 1999
+++ gdb-4.18/bfd/elf32-mips.c Wed Apr 14 15:13:27 1999
@@ -3058,6 +3058,17 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
/* The symbolic header contains absolute file offsets and sizes to
read. */
+ debug->line = 0;
+ debug->external_dnr = 0;
+ debug->external_pdr = 0;
+ debug->external_sym = 0;
+ debug->external_opt = 0;
+ debug->external_aux = 0;
+ debug->ss = 0;
+ debug->ssext = 0;
+ debug->external_fdr = 0;
+ debug->external_rfd = 0;
+ debug->external_ext = 0;
#define READ(ptr, offset, count, size, type) \
if (symhdr->count == 0) \
debug->ptr = NULL; \
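Review bot: the stores land directly above `#define READ`, after the symbolic-header comment, so any `goto error_return` reached before this point still sees uninitialized members. The February version of this patch put them ahead of the ext_hdr allocation, whose failure path is `if (ext_hdr == NULL && swap->external_hdr_size != 0) goto error_return;`. If gdb-4.18 keeps that early exit, move the block up to the same spot. Smaller points: use NULL rather than 0 to match `debug->ptr = NULL;` in the macro just below, restore the explanatory comment from the earlier version, and keep the block above the symbolic-header comment so that comment stays attached to the READ macro it describes.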
--
Manfred Hollstein If you have any questions about GNU software:
EMAIL: <mhollstein@cygnus.com> or <manfred.h@gmx.net>
WWW: < http://home.t-online.de/home/manfred-h/ >
PGP: < http://home.t-online.de/home/manfred-h/manfred.hATgmx.net.asc >