diff options
| author | Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> | 2015-03-27 12:09:02 +0000 |
|---|---|---|
| committer | Pedro Alves <palves@redhat.com> | 2015-03-27 12:09:02 +0000 |
| commit | ce9c0ca18fe50e1e5a87b135032e4aeba415e2ab (patch) | |
| tree | 5f1776ca60f8c4e2e46655b4d6213f71b075c937 | |
| parent | 72a9c03c27b4fa714c758fdf86d668f6402f5086 (diff) | |
| download | binutils-gdb-ce9c0ca18fe50e1e5a87b135032e4aeba415e2ab.tar.gz | |
Fix gdb_bfd_section_index for special sections
Indexes returned for special sections are off by one, i.e. with N+4
sections last one has index N+4 returned which is outside allocated
obstack (at the same time index N is not used at all).
In worst case, if sections obstack is allocated up to end of chunk,
writing last section data will cause buffer overrun and some data
corruption.
Here's output from Valgrind::
==14630== Invalid write of size 8
==14630== at 0x551B1A: add_to_objfile_sections_full (objfiles.c:225)
==14630== by 0x552768: allocate_objfile (objfiles.c:324)
==14630== by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630== by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630== by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630== by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630== by 0x514246: catch_command_errors_const (main.c:398)
==14630== by 0x5150AA: captured_main (main.c:1061)
==14630== by 0x51123C: catch_errors (exceptions.c:240)
==14630== by 0x51569A: gdb_main (main.c:1164)
==14630== by 0x408824: main (gdb.c:32)
==14630== Address 0x635f3b8 is 8 bytes after a block of size 4,064 alloc'd
==14630== at 0x4C2ABA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14630== by 0x60F797: xmalloc (common-utils.c:41)
==14630== by 0x5E787FB: _obstack_begin (obstack.c:184)
==14630== by 0x552679: allocate_objfile (objfiles.c:294)
==14630== by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630== by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630== by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630== by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630== by 0x514246: catch_command_errors_const (main.c:398)
==14630== by 0x5150AA: captured_main (main.c:1061)
==14630== by 0x51123C: catch_errors (exceptions.c:240)
==14630== by 0x51569A: gdb_main (main.c:1164)
==14630== by 0x408824: main (gdb.c:32)
gdb/ChangeLog:
* gdb_bfd.c (gdb_bfd_section_index): Fix off-by-one for special
sections.
| -rw-r--r-- | gdb/ChangeLog | 5 | ||||
| -rw-r--r-- | gdb/gdb_bfd.c | 8 |
2 files changed, 9 insertions, 4 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog index 150b29a4f04..3ef965c9f73 100644 --- a/gdb/ChangeLog +++ b/gdb/ChangeLog @@ -1,3 +1,8 @@ +2015-03-27 Andrzej Kaczmarek <andrzej.kaczmarek@tieto.com> + + * gdb_bfd.c (gdb_bfd_section_index): Fix off-by-one for special + sections. + 2015-03-26 Joel Brobecker <brobecker@adacore.com> * dtrace-probe.c (dtrace_process_dof_probe): Contain any diff --git a/gdb/gdb_bfd.c b/gdb/gdb_bfd.c index 7543dae0b2f..3f89d3aec5b 100644 --- a/gdb/gdb_bfd.c +++ b/gdb/gdb_bfd.c @@ -616,13 +616,13 @@ gdb_bfd_section_index (bfd *abfd, asection *section) if (section == NULL) return -1; else if (section == bfd_com_section_ptr) - return bfd_count_sections (abfd) + 1; + return bfd_count_sections (abfd); else if (section == bfd_und_section_ptr) - return bfd_count_sections (abfd) + 2; + return bfd_count_sections (abfd) + 1; else if (section == bfd_abs_section_ptr) - return bfd_count_sections (abfd) + 3; + return bfd_count_sections (abfd) + 2; else if (section == bfd_ind_section_ptr) - return bfd_count_sections (abfd) + 4; + return bfd_count_sections (abfd) + 3; return section->index; } |