Date: Thu, 26 Jul 2007 11:12:00 -0000
From: Alan Modra
To: msnyder@sonic.net
Cc: binutils@sourceware.org
Subject: Re: [PATCH] reloc.c, null ptr guard
Message-ID: <20070726093721.GE11649@bubble.grove.modra.org>
References: <24363.12.7.175.2.1185401640.squirrel@webmail.sonic.net>
In-Reply-To: <24363.12.7.175.2.1185401640.squirrel@webmail.sonic.net>
X-SW-Source: 2007-07/txt/msg00446.txt.bz2

On Wed, Jul 25, 2007 at 03:14:00PM -0700, msnyder@sonic.net wrote:
> If reloc_size is zero, we could reach this point with a null pointer,
> and dereference it.

No, because reloc_count will always be zero if reloc_size is zero.
This function could do with a cleanup though.

	* reloc.c (bfd_generic_get_relocated_section_contents): Avoid
	bfd_canonicalize_reloc call when bfd_get_reloc_upper_bound says
	there are no relocs.

Index: bfd/reloc.c
===================================================================
RCS file: /cvs/src/src/bfd/reloc.c,v
retrieving revision 1.168
diff -u -p -r1.168 reloc.c
--- bfd/reloc.c	3 Jul 2007 14:26:42 -0000	1.168
+++ bfd/reloc.c	26 Jul 2007 09:27:41 -0000
@@ -5185,26 +5185,28 @@ bfd_generic_get_relocated_section_conten bfd_boolean relocatable, asymbol **symbols) { - /* Get enough memory to hold the stuff. */ bfd *input_bfd = link_order->u.indirect.section->owner; asection *input_section = link_order->u.indirect.section; - - long reloc_size = bfd_get_reloc_upper_bound (input_bfd, input_section); - arelent **reloc_vector = NULL; + long reloc_size; + arelent **reloc_vector; long reloc_count; bfd_size_type sz; + reloc_size = bfd_get_reloc_upper_bound (input_bfd, input_section); if (reloc_size < 0) - goto error_return; - - reloc_vector = bfd_malloc (reloc_size); - if (reloc_vector == NULL && reloc_size != 0) - goto error_return; + return NULL; /* Read in the section. */ sz = input_section->rawsize ? input_section->rawsize : input_section->size; if (!bfd_get_section_contents (input_bfd, input_section, data, 0, sz)) - goto error_return; + return NULL; + + if (reloc_size == 0) + return data; + + reloc_vector = bfd_malloc (reloc_size); + if (reloc_vector == NULL) + return NULL; reloc_count = bfd_canonicalize_reloc (input_bfd, input_section, @@ -5289,12 +5291,11 @@ bfd_generic_get_relocated_section_conten } } } - if (reloc_vector != NULL) - free (reloc_vector); + + free (reloc_vector); return data; error_return: - if (reloc_vector != NULL) - free (reloc_vector); + free (reloc_vector); return NULL; } -- Alan Modra Australia Development Lab, IBM
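Review bot: in the first hunk (@@ -5185,26 +5185,28 @@), the new `if (reloc_size == 0) return data;` is correct only because it sits after the `bfd_get_section_contents` call, so a section with no relocs still gets its raw contents copied into `data` before the early return; a one-line comment at that check would stop a later reader from hoisting it above the read. The early return also makes the dropped `&& reloc_size != 0` clause on the `bfd_malloc` check safe, since `bfd_malloc` is no longer called with a zero size. Converting the two `goto error_return` sites before the allocation into `return NULL` is sound as nothing is owned at those points, but it means the `error_return` label must now be reached only from code that runs after `bfd_malloc` succeeded; the remaining `goto error_return` sites are outside this hunk and should be checked against that.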
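Review bot: in the second hunk (@@ -5289,12 +5291,11 @@), removing the `reloc_vector != NULL` guard on the normal exit is fine (free of a null pointer is a no-op anyway), but at `error_return:` the unconditional `free (reloc_vector);` now depends on every remaining `goto error_return` occurring after the allocation, and the first hunk also dropped the `= NULL` initializer from `arelent **reloc_vector;`, so any future early `goto error_return` would free an indeterminate pointer. Suggest keeping `arelent **reloc_vector = NULL;` as cheap insurance, or adding a comment at the label stating that invariant.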