Date: Fri, 14 Oct 2022 22:01:47 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised

Besides not initialising the_bfd of synthetic symbols, counting symbols when sizing didn't match symbols created if there were any dynsyms named "". We don't want synthetic symbols without names anyway, so get rid of them. Also, simplify and correct sanity checks.

PR 29677
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.

diff --git a/bfd/mach-o.c b/bfd/mach-o.c index acb35e7f0c6..5279343768c 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, bfd_mach_o_symtab_command *symtab = mdata->symtab; asymbol *s; char * s_start; - char * s_end; unsigned long count, i, j, n; size_t size; char *names; - char *nul_name; const char stub [] = "$stub"; *ret = NULL; 
@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, /* We need to allocate a bfd symbol for every indirect symbol and to allocate the memory for its name. */ count = dysymtab->nindirectsyms; - size = count * sizeof (asymbol) + 1; - + size = 0; for (j = 0; j < count; j++) { - const char * strng; unsigned int isym = dysymtab->indirect_syms[j]; + const char *str; /* Some indirect symbols are anonymous. */ - if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name)) - /* PR 17512: file: f5b8eeba. */ - size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub); + if (isym < symtab->nsyms + && (str = symtab->symbols[isym].symbol.name) != NULL) + { + /* PR 17512: file: f5b8eeba. */ + size += strnlen (str, symtab->strsize - (str - symtab->strtab)); + size += sizeof (stub); + } } - s_start = bfd_malloc (size); + s_start = bfd_malloc (size + count * sizeof (asymbol)); s = *ret = (asymbol *) s_start; if (s == NULL) return -1; names = (char *) (s + count); - nul_name = names; - *names++ = 0; - s_end = s_start + size; n = 0; for (i = 0; i < mdata->nsects; i++) 
@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd, entry_size = bfd_mach_o_section_get_entry_size (abfd, sec); /* PR 17512: file: 08e15eec. */ - if (first >= count || last >= count || first > last) + if (first >= count || last > count || first > last) goto fail; for (j = first; j < last; j++) { unsigned int isym = dysymtab->indirect_syms[j]; - - /* PR 17512: file: 04d64d9b. */ - if (((char *) s) + sizeof (* s) > s_end) - goto fail; - - s->flags = BSF_GLOBAL | BSF_SYNTHETIC; - s->section = sec->bfdsection; - s->value = addr - sec->addr; - s->udata.p = NULL; + const char *str; + size_t len; if (isym < symtab->nsyms - && symtab->symbols[isym].symbol.name) + && (str = symtab->symbols[isym].symbol.name) != NULL) { - const char *sym = symtab->symbols[isym].symbol.name; - size_t len; - - s->name = names; - len = strlen (sym); - /* PR 17512: file: 47dfd4d2. */ - if (names + len >= s_end) + /* PR 17512: file: 04d64d9b. */ + if (n >= count) goto fail; - memcpy (names, sym, len); - names += len; - /* PR 17512: file: 18f340a4. */ - if (names + sizeof (stub) >= s_end) + len = strnlen (str, symtab->strsize - (str - symtab->strtab)); + /* PR 17512: file: 47dfd4d2, 18f340a4. */ + if (size < len + sizeof (stub)) goto fail; - memcpy (names, stub, sizeof (stub)); - names += sizeof (stub); + memcpy (names, str, len); + memcpy (names + len, stub, sizeof (stub)); + s->name = names; + names += len + sizeof (stub); + size -= len + sizeof (stub); + s->the_bfd = symtab->symbols[isym].symbol.the_bfd; + s->flags = BSF_GLOBAL | BSF_SYNTHETIC; + s->section = sec->bfdsection; + s->value = addr - sec->addr; + s->udata.p = NULL; + s++; + n++; } - else - s->name = nul_name; - addr += entry_size; - s++; - n++; } break; default: -- Alan Modra Australia Development Lab, IBM
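Review bot: in the second hunk (@@ -955,27 +953,27 @@), the allocation size in `s_start = bfd_malloc (size + count * sizeof (asymbol));` is computed with no overflow check. `count` is taken directly from `dysymtab->nindirectsyms`, and `size` is a sum of up to `count` name lengths plus `sizeof (stub)` each, so on a host where `size_t` is 32 bits the product or the sum can wrap and yield a buffer smaller than `names = (char *) (s + count)` assumes. Unless `nindirectsyms` is already bounded against the file size by the reader (not visible in this patch), the multiplication and the addition should be checked and the function should return -1 before calling `bfd_malloc`.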
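Review bot: in the copy loop of the third hunk (@@ -997,47 +995,39 @@), the `if (n >= count)` guard carries only the old `PR 17512: file: 04d64d9b` tag and does not say why it can fire. Each section's range is already limited by `first >= count || last > count || first > last`, so the guard matters only because `n` accumulates across the outer `for (i = 0; i < mdata->nsects; i++)` loop and several sections can name overlapping index ranges. A one-line comment stating that would keep a later cleanup from dropping the check as redundant. Separately, the bound `symtab->strsize - (str - symtab->strtab)` is now used in both the sizing pass and the copy pass and is only meaningful when `str` points into `strtab`; that invariant should be stated in a comment or asserted, since a name outside the table would turn the subtraction into a very large length limit.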